Convert init, autobuild, and analyze actions to CLI / runner mode #162
Conversation
|
Realised just after posting I've missed the bit with outputting the env vars to a file so you can source them. I'll do that tomorrow morning. |
|
Added code to generate the env file and instructions for how to use it. Also had to inline a couple of files that we depended on just existing, because now we have to write them out to a temporary location ourselves prior to using them. I've tested this on linux building some javascript code. Unfortunately it doesn't work for me tracing a compiled language as the tracer is not intercepting so it claims nothing has been built. I will investigate but I haven't been able to work out what's up yet. |
|
Things still to do:
|
robertbrignull
force-pushed
the
runner_analyze
branch
from
27fd829 to
e9bfa56
Compare
|
I've managed to analyze a cpp project on linux now. Had some errors in the setting of env vars. |
robertbrignull
force-pushed
the
runner_analyze
branch
from
854b2a7 to
39b361e
Compare
robertbrignull
force-pushed
the
runner_analyze
branch
from
00463b1 to
a542021
Compare
I like both of these approaches. You could also consider introducing some new types for things like |
I just want to say that although I would like to do these too I am worried they will eat up a lot of time as we try to find better solutions. If it's acceptable then I would like to go for a correct implementation for now and look at improving it in later pull requests.
Typescript unfortunately doesn't work that way. If you define new types like |
Absolutely - don't add any more in this PR!
Oh, rubbish. |
sampart
left a comment
sampart
left a comment
There was a problem hiding this comment.
Thakns for all you work here. A number of comments, but they're all small ones.
Do you think it would have been feasible to do this as 3 PRs, one for each of init, autobuild and analyze, or would the first one have had a lot of "baggage" that the others would need and so have been huge anyway?
src/codeql.ts
Outdated
| // e.g. our integration tests which use the Action code from the current checkout. | ||
| if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) { | ||
| function getCodeQLActionRepository(mode: util.Mode): string { | ||
| if (mode === 'actions') { |
There was a problem hiding this comment.
You could avoid nesting here by using a guard clause. Start with
if (mode !== 'actions') {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
}
and then the rest of the code needn't be in a block.
This has the downside of introducing a ! condition, but the upsides of reducing nesting and also preventing the reader getting to the else and thinking "which condition does this relate to again?" (as I did)
There was a problem hiding this comment.
I agree it's nicer code. The thing that held me back initially is that I'm not sure the unguarded-action-lib query will understand this, but really that just means we should improve the query.
| } | ||
|
|
||
| // We have to download CodeQL manually because the toolcache doesn't support Accept headers. | ||
| // This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released. |
There was a problem hiding this comment.
Did you mean to remove this comment? The PR it mentions hasn't been merged yet.
There was a problem hiding this comment.
Not really. I am worried we may not be able to go back to using the toolcache and may need to carry on implementing this ourselves even once that PR is eventually merged. However I'm not trying to change that assumption in this PR, so I'll revert this to add back the comment.
src/codeql.ts
Outdated
| mode: util.Mode, | ||
| logger: Logger): Promise<CodeQL> { | ||
|
|
||
| // Setting these two env vars makes the toolcache code safe to use, |
There was a problem hiding this comment.
| // Setting these two env vars makes the toolcache code safe to use, | |
| // Setting these two env vars makes the toolcache code safe to use outside of actions, |
You'll probably want to implement this change yourself (assuming you agree with it), though, so you can make the lines line up.
Without a change like this, it implies that the toolcache code is never safe to use!
src/codeql.ts
Outdated
| getTracerEnv: async function(databasePath: string) { | ||
| let envFile = path.resolve(databasePath, 'working', 'env.tmp'); | ||
| // Write tracer-env.js to a temp location. When running in CLI mode we can't rely | ||
| // on this file existing so we have to create it ourselves. |
There was a problem hiding this comment.
Where does it come from in Actions land? It would be good to mention that here so that future developers can compare the file contents below with the canonical version.
There was a problem hiding this comment.
There's no difference in behaviour on actions, so I'll delete that bit of the comment about when running in CLI mode as it always applies.
What I meant is that currently we rely on there being a checkout of this repository present so we can reference arbitrary files in it. That's what we can't do when running in CLI mode.
| util.getRequiredEnvParam('RUNNER_TEMP'), | ||
| util.getRequiredEnvParam('RUNNER_TOOL_CACHE'), | ||
| codeql); | ||
| analysisPaths.includeAndExcludeAnalysisPaths(config); |
There was a problem hiding this comment.
You don't call this in initConfig (although you do call analysisPaths.printPathFiltersWarning(config, logger);). Should you?
There was a problem hiding this comment.
This call has been moved to createdDBForScannedLanguages in analyze.ts as that's where the env vars are actually used. It's replaced here with printPathFiltersWarning so we still print the warning in the init step where it comes currently.
src/runner.ts
Outdated
| .option('--queries <queries>', 'Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file.') | ||
| .option('--config-file <file>', 'Path to config file') | ||
| .option('--codeql-path <path>', 'Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.') | ||
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') |
There was a problem hiding this comment.
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') | |
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.') |
src/runner.ts
Outdated
| .command('autobuild') | ||
| .description('Attempts to automatically build code') | ||
| .option('--language <language>', 'The language to build. By default will try to detect the dominant language.') | ||
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') |
There was a problem hiding this comment.
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') | |
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.') |
| } else { | ||
| language = determineAutobuildLanguage(config, logger); | ||
| } | ||
| if (language !== undefined) { |
There was a problem hiding this comment.
Do you need an else here - a conditional after the call to determineAutobuildLanguage above - to print a warning if the language is undefined?
There was a problem hiding this comment.
It's a bit convoluted but no, because determineAutobuildLanguage prints a message saying "None of the languages in this project require extra build steps" and then the intention is that we exit gracefully and successfully.
src/runner.ts
Outdated
| .option('--checkout-path <path>', 'Checkout path (default: current working directory)') | ||
| .option('--no-upload', 'Do not upload results after analysis', false) | ||
| .option('--output-dir <dir>', 'Directory to output SARIF files to. By default will use temp directory.') | ||
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') |
There was a problem hiding this comment.
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') | |
| .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.') |
src/runner.ts
Outdated
| config, | ||
| logger); | ||
| } catch (e) { | ||
| logger.error('Upload failed'); |
There was a problem hiding this comment.
| logger.error('Upload failed'); | |
| logger.error('Analyze failed'); |
| const config = await getConfig(getTempDir(cmd.tempDir), logger); | ||
| if (config === undefined) { | ||
| throw new Error("Config file could not be found at expected location. " + | ||
| "Was the 'init' command run with the same '--temp-dir' argument as this command."); |
There was a problem hiding this comment.
| "Was the 'init' command run with the same '--temp-dir' argument as this command."); | |
| "Was the 'init' command run with the same '--temp-dir' argument as this command?"); |
| const config = await getConfig(getTempDir(cmd.tempDir), logger); | ||
| if (config === undefined) { | ||
| throw new Error("Config file could not be found at expected location. " + | ||
| "Was the 'init' command run with the same '--temp-dir' argument as this command."); |
There was a problem hiding this comment.
| "Was the 'init' command run with the same '--temp-dir' argument as this command."); | |
| "Was the 'init' command run with the same '--temp-dir' argument as this command?"); |
|
Bugs that have been discovered and need fixing:
Things to do:
|
|
The issue with the spaces in the filepath was due to |
|
I had the idea that in the case that people are able to use the autobuilder it would be nice if they didn't have to source the env explicitly. Doing this is largely fine, but it makes the check at the start of the |
|
Currently getting a weird error on windows. Not sure if it's something I've done wrong in the configuration or not Possibly it's another problem with having a space in the path, as I specifically put the tools dir under |
robertbrignull
force-pushed
the
runner_analyze
branch
from
d718a59 to
5bf581b
Compare
robertbrignull
force-pushed
the
runner_analyze
branch
from
5bf581b to
6882791
Compare
robertbrignull
force-pushed
the
runner_analyze
branch
from
6882791 to
b4d142e
Compare
|
Although the work on the runner for 3rd party CI/CD is not yet finished (mostly unfinished on windows) I'm moderately confident this doesn't break anything on actions, so we should likely merge this now so we get the code in |
|
@robertbrignull you merged this with outstanding code scanning results on it. What was your thinking on doing that rather than marking those results as won't fix / false positives (or, indeed, fixing them if they were accurate)? |
It was purely a matter of forgetfulness. I saw the restults and noted that none of them we're serious enough to block merging, but then forgot to follow up later. I'll go through the alerts now and see which can be closed or fixed. |
|
👍 just curious if there's anything we can learn from it as we polish the UI |
This PR adds a CLI interface to the rest of the actions. This should get us to a state where we have a working product, though it's very rough around the edges and there will be some tech debt cleanup to do.
(Currently depends on #159 but I'll rebase once that PR is merged)
This PR is currently quite rough and not very pretty, but I think it largely works. I've done a single manual test and was about to run the
initandanalyzeactions on a javascript repository.Problems I have with this current situation are:
RUNNNER_TEMPso we can use the existing toolcache code. We shouldn't be doing this and should instead write our own implementation for use outside of actions.@sampart, @joshhale, @chrisgavin, @jhutchings1
Merge / deployment checklist