diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 1c27da3fc..0fc55f297 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -7,6 +7,7 @@ name: "PR Check - Analyze: 'ref' and 'sha' from inputs" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 807df26c4..eeed7f3dc 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -7,6 +7,7 @@ name: PR Check - autobuild-action env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index e8bb8ad7c..01b0c3e22 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -7,6 +7,7 @@ name: PR Check - Export file baseline information env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 8a3ca5a28..2fa4dd308 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -7,6 +7,7 @@ name: PR Check - Extractor ram and threads options test env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index ebbdf5239..d785779eb 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -7,6 +7,7 @@ name: 'PR Check - Go: Custom queries' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index a491c478d..b85cd6fad 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with autobuilder step' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index b6e8055bb..f89d77ca7 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with custom build steps' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index e06ea36d7..2cc72c05b 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with legacy workflow' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 958fca7de..cd0a1da52 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Download using registries' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index c32a27cbe..9b54794c3 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -7,6 +7,7 @@ name: PR Check - Custom source root env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 4b6367ee6..848de5f94 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -7,6 +7,7 @@ name: PR Check - ML-powered queries env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 9a7adcb7d..9b3cff5d5 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -7,6 +7,7 @@ name: PR Check - Multi-language repository env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index d3657a202..744ced18c 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config and input passed to the CLI' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index f35e2a9af..dc4221656 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config and input' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 7751c8f13..47b1ecc73 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config file' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 77be55110..a9bbac075 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Action input' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 30c9348e2..a6c5a4ec5 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -7,6 +7,7 @@ name: PR Check - Remote config file env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index c240aabb7..b06628b49 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -7,6 +7,7 @@ name: PR Check - RuboCop multi-language env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 9a3a9f7eb..b74e93ff4 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -7,6 +7,7 @@ name: PR Check - Ruby analysis env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index d2d45353b..01e2a9838 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -7,6 +7,7 @@ name: PR Check - Split workflow env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 992f85c8b..67d79c5c9 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -7,6 +7,7 @@ name: PR Check - Submit SARIF after failure env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 678a1498a..63c19736a 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -7,6 +7,7 @@ name: PR Check - Swift analysis using autobuild env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index d5ebde1be..df78cd86b 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -7,6 +7,7 @@ name: PR Check - Swift analysis using a custom build command env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index 0ab8a2b7a..a3721e613 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -7,6 +7,7 @@ name: PR Check - Autobuild working directory env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 54354b4eb..fe8396509 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -7,6 +7,7 @@ name: PR Check - Local CodeQL bundle env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index 1551a18a9..95327eddf 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -7,6 +7,7 @@ name: PR Check - Proxy test env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index dfdf0a01c..a49984229 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -7,6 +7,7 @@ name: PR Check - Test unsetting environment variables env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: @@ -59,7 +60,10 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" + ./build.sh - uses: ./../action/analyze id: analysis - shell: bash diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index a488455b4..47a1865f8 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -7,6 +7,7 @@ name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index dd63cb05d..4ea0a1bdb 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -7,6 +7,7 @@ name: PR Check - Use a custom `checkout_path` env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' on: push: branches: diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index 9afb2b30e..8fc0102e6 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -2,6 +2,9 @@ # when the analyze step fails. name: PR Check - Debug artifacts after failure env: + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} on: push: diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 99cc887fe..836d7cad4 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -1,6 +1,9 @@ # Checks logs, SARIF, and database bundle debug artifacts exist. name: PR Check - Debug artifact upload env: + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} on: push: diff --git a/CHANGELOG.md b/CHANGELOG.md index 637400cb4..719d686f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.12.0. [#1466](https://github.com/github/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 diff --git a/lib/database-upload.js b/lib/database-upload.js index 3f51505b2..610998cd4 100644 --- a/lib/database-upload.js +++ b/lib/database-upload.js @@ -44,24 +44,32 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) { const client = (0, api_client_1.getApiClient)(); const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd); for (const language of config.languages) { - // Upload the database bundle. - // Although we are uploading arbitrary file contents to the API, it's worth - // noting that it's the API's job to validate that the contents is acceptable. - // This API method is available to anyone with write access to the repo. - const payload = fs.readFileSync(await (0, util_1.bundleDb)(config, language, codeql, language)); try { - await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, { - owner: repositoryNwo.owner, - repo: repositoryNwo.repo, - language, - name: `${language}-database`, - data: payload, - headers: { - authorization: `token ${apiDetails.auth}`, - "Content-Type": "application/zip", - }, - }); - logger.debug(`Successfully uploaded database for ${language}`); + // Upload the database bundle. + // Although we are uploading arbitrary file contents to the API, it's worth + // noting that it's the API's job to validate that the contents is acceptable. + // This API method is available to anyone with write access to the repo. + const bundledDb = await (0, util_1.bundleDb)(config, language, codeql, language); + const bundledDbSize = fs.statSync(bundledDb).size; + const bundledDbReadStream = fs.createReadStream(bundledDb); + try { + await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, { + owner: repositoryNwo.owner, + repo: repositoryNwo.repo, + language, + name: `${language}-database`, + data: bundledDbReadStream, + headers: { + authorization: `token ${apiDetails.auth}`, + "Content-Type": "application/zip", + "Content-Length": bundledDbSize, + }, + }); + logger.debug(`Successfully uploaded database for ${language}`); + } + finally { + bundledDbReadStream.close(); + } } catch (e) { console.log(e); diff --git a/lib/database-upload.js.map b/lib/database-upload.js.map index 8d8834b31..92068722b 100644 --- a/lib/database-upload.js.map +++ b/lib/database-upload.js.map @@ -1 +1 @@ -{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,8BAA8B;QAC9B,2EAA2E;QAC3E,8EAA8E;QAC9E,wEAAwE;QACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAC7B,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CACnD,CAAC;QACF,IAAI;YACF,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;gBACE,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,QAAQ;gBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;gBAC5B,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE;oBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;oBACzC,cAAc,EAAE,iBAAiB;iBAClC;aACF,CACF,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAxDD,0CAwDC"} \ No newline at end of file +{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI;gBACF,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;aAChE;oBAAS;gBACR,mBAAmB,CAAC,KAAK,EAAE,CAAC;aAC7B;SACF;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AA7DD,0CA6DC"} \ No newline at end of file diff --git a/lib/defaults.json b/lib/defaults.json index 8a55d7f43..75ebf1cdc 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-20221211", - "cliVersion": "2.11.6", - "priorBundleVersion": "codeql-bundle-20221202", - "priorCliVersion": "2.11.5" + "bundleVersion": "codeql-bundle-20230105", + "cliVersion": "2.12.0", + "priorBundleVersion": "codeql-bundle-20221211", + "priorCliVersion": "2.11.6" } diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 777bc4042..6e36c0786 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -8,7 +8,9 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis - shell: bash diff --git a/pr-checks/sync.py b/pr-checks/sync.py index b38c7c535..74dd8c854 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -126,6 +126,9 @@ def writeHeader(checkStream): 'env': { 'GITHUB_TOKEN': '${{ secrets.GITHUB_TOKEN }}', 'GO111MODULE': 'auto', + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + 'CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN': 'true', }, 'on': { 'push': { diff --git a/src/database-upload.ts b/src/database-upload.ts index 16e41ae37..1886baa52 100644 --- a/src/database-upload.ts +++ b/src/database-upload.ts @@ -36,29 +36,34 @@ export async function uploadDatabases( const codeql = await getCodeQL(config.codeQLCmd); for (const language of config.languages) { - // Upload the database bundle. - // Although we are uploading arbitrary file contents to the API, it's worth - // noting that it's the API's job to validate that the contents is acceptable. - // This API method is available to anyone with write access to the repo. - const payload = fs.readFileSync( - await bundleDb(config, language, codeql, language) - ); try { - await client.request( - `POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, - { - owner: repositoryNwo.owner, - repo: repositoryNwo.repo, - language, - name: `${language}-database`, - data: payload, - headers: { - authorization: `token ${apiDetails.auth}`, - "Content-Type": "application/zip", - }, - } - ); - logger.debug(`Successfully uploaded database for ${language}`); + // Upload the database bundle. + // Although we are uploading arbitrary file contents to the API, it's worth + // noting that it's the API's job to validate that the contents is acceptable. + // This API method is available to anyone with write access to the repo. + const bundledDb = await bundleDb(config, language, codeql, language); + const bundledDbSize = fs.statSync(bundledDb).size; + const bundledDbReadStream = fs.createReadStream(bundledDb); + try { + await client.request( + `POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, + { + owner: repositoryNwo.owner, + repo: repositoryNwo.repo, + language, + name: `${language}-database`, + data: bundledDbReadStream, + headers: { + authorization: `token ${apiDetails.auth}`, + "Content-Type": "application/zip", + "Content-Length": bundledDbSize, + }, + } + ); + logger.debug(`Successfully uploaded database for ${language}`); + } finally { + bundledDbReadStream.close(); + } } catch (e) { console.log(e); // Log a warning but don't fail the workflow diff --git a/src/defaults.json b/src/defaults.json index 20ea15cf5..414475134 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-20221211", - "cliVersion": "2.11.6", - "priorBundleVersion": "codeql-bundle-20221202", - "priorCliVersion": "2.11.5" + "bundleVersion": "codeql-bundle-20230105", + "cliVersion": "2.12.0", + "priorBundleVersion": "codeql-bundle-20221211", + "priorCliVersion": "2.11.6" }