Use smaller Plarform-Language packages when analyzing only one language #172
Conversation
* Add `bundleName` argument to `getCodeQLBundleDownloadURL` * Add `languages` argument to `setupCodeQL`. The logic now tries to find the platform-language pkg before defaulting to the full bundle. We keep the toolcache clean by adding the pl version to the tool version.
# This is the 1st commit message: Add logic to download codeql platform-language pkg * Add `bundleName` argument to `getCodeQLBundleDownloadURL` * Add `languages` argument to `setupCodeQL`. The logic now tries to find the platform-language pkg before defaulting to the full bundle. We keep the toolcache clean by adding the pl version to the tool version. # The commit message #2 will be skipped: # Add simple fallback logic for download # The commit message #3 will be skipped: # wip linter # The commit message #4 will be skipped: # linter
# This is the 1st commit message: Add logic to download codeql platform-language pkg * Add `bundleName` argument to `getCodeQLBundleDownloadURL` * Add `languages` argument to `setupCodeQL`. The logic now tries to find the platform-language pkg before defaulting to the full bundle. We keep the toolcache clean by adding the pl version to the tool version. # The commit message #2 will be skipped: # add test # The commit message #3 will be skipped: # cleanup # The commit message #4 will be skipped: # linter
* Add `bundleName` argument to `getCodeQLBundleDownloadURL` * Add `languages` argument to `setupCodeQL`. The logic now tries to find the platform-language pkg before defaulting to the full bundle. We keep the toolcache clean by adding the pl version to the tool version.
marcogario
force-pushed
the
platform_lang_pkg
branch
from
f00b280 to
57b0b7f
Compare
|
I ran an experiment comparing zip0 and tar.gz decompression time. There is basically no difference between zip and tar.gz. I would keep the tar.gz for consistency. |
robertbrignull
left a comment
robertbrignull
left a comment
There was a problem hiding this comment.
A couple of comments, but I admit I haven't read through all that fully. I'd like to see a demo if possible as that would be best for showing it works. I'm a bit worried about our use of the toolcache as we're really not using it how it intends with regards to the version strings.
Overall though, the approach this is taking looks like it'll be good.
I'm sure you already know this, but probably worth noting we're also trying to get the bundle pre-populated into the actions runners. It's not clear exactly when this will happen but it's looking like it will. So that would mean that splitting up the bundle would be less useful on dotcom, but this is still potentially very useful for GHES or self-hosted runners on dotcom.
|
Would https://github.com/github/codeql-action-sync-tool need to be changed as part of this? |
|
Thanks @robertbrignull, I will go through your comments in detail tomorrow and also update the code to match main.
I think we need to dig deeper here. My thought was this would improve all settings. Clearly self-hosted runners, but also dotCom, as I understood there is a window between we releasing a new bundle and the base image being rebuilt. However, also given your comment in that discussion, I might be misunderstanding how the version information is used in the toolcache. Do you have more information you can point me to, or shall we try to sync? |
marcogario
force-pushed
the
platform_lang_pkg
branch
from
d343ab6 to
588a28d
Compare
marcogario
force-pushed
the
platform_lang_pkg
branch
from
38e85d2 to
7b29d2e
Compare
marcogario
force-pushed
the
platform_lang_pkg
branch
5 times, most recently
from
a43213e to
1e41045
Compare
marcogario
force-pushed
the
platform_lang_pkg
branch
from
1e41045 to
0ca7a34
Compare
|
This is an example of how we fallback in the search of the tool: |
|
I was doing some more testing and I ran into the following issue.
codeql-action/src/init-action.ts Line 62 in 57ef26c What could be the best way to deal with this? Can we detect that the value was not specified in the configuration? |
Yes, I agree this is a pain. Your analysis is right that for the runner it might be undefined, but for the action it's always a string. If it's not defined in the workflow then it gets set to the emptystring. So this means the best way to check it may be to do convert it to a boolean to see if it's truthy, but I agree this is no ideal. I think this is a problem we should deal with and be , though doesn't have to be in this PR. Maybe we should convert all emptystrings to undefined when we read the inputs, but there are other options. I'll open an issue as I think we should track this and make sure it gets improved. |
marcogario
force-pushed
the
platform_lang_pkg
branch
from
db1d997 to
2a73b54
Compare
robertbrignull
left a comment
robertbrignull
left a comment
There was a problem hiding this comment.
I'm re-reviewing but I'm having to step out now so I'm posting what I have so far. I'll continue reviewing the rest later today.
| language: ["none", "cpp", "csharp", "go", "java", "javascript", "python"] | ||
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| # Translate OS |
There was a problem hiding this comment.
Could you explain what this step is doing? I can't tell just looking at it here.
There was a problem hiding this comment.
Ah, this is a left-over. I might use it now, if I want to test the toolcache (as you suggest below). I am adding a comment, but in general, it is setting an env variable called OS with the correct string value depending on the platform.
| env: | ||
| TEST_MODE: true | ||
|
|
||
| single-language-bundles: |
There was a problem hiding this comment.
Does this need some check after running the actions to make sure it actually downloaded the right bundles. Currently it could download the full thing each time and still pass.
You should be able to look inside the toolcache directory and see what it has downloaded. You'll find it under /opt/hostedtoolcache (at least on linux) or you can use $AGENT_TOOLSDIRECTORY (which might work on all operating systems).
There was a problem hiding this comment.
The idea was not to require this, although I can see how it would be good to test this in a non-failing way.
I did not want to make the bundle-release process more complex, so these tests should pass with only the main bundle (fallback behavior). I see how outputting a message that we used the smaller bundler would be useful for validation.
robertbrignull
left a comment
robertbrignull
left a comment
There was a problem hiding this comment.
Ok, I've gone through everything now.
Only one comment and I can't see anything else wrong, though I'm still a bit uneasy about this feature as a whole because it's just quite complicated and I feel I'm not giving it the brain power / testing time it requires.
Also, #211 has been merged now, so this could be rebased onto that to simply things.
src/codeql.ts
Outdated
| apiURL === util.GITHUB_DOTCOM_URL && | ||
| repository === CODEQL_DEFAULT_ACTION_REPOSITORY | ||
| repository === CODEQL_DEFAULT_ACTION_REPOSITORY && | ||
| bundleNames[0] === CODEQL_BUNDLE_NAME |
There was a problem hiding this comment.
I'm not convinced this will ever be true. The only place this is called from non-test code, the 0th element is either the platform bundle or the plVersion bundle. The raw full CODEQL_BUNDLE_NAME is never the 0th element. I can see why you're checking this here, because the idea is to not default to using the full bundle unless necessary, but I don't think the logic is quite right.
Since we own the release on github.com/github/codeql-action could you do the same thing of just assuming the release artifacts will be there for all platforms and languages? I realise they aren't there currently so that will delay merging this PR until they are there. The alternative would be to stop treating github.com as special and make the request to discover what assets are there. I don't have a strong favourite between those options as they both have positive and negative aspects.
|
Thanks for the review. I think there is a conceptual point to address. I did this work trying to be compatible with the current bundle release process. This has a few visible impact in the implementation. As you noted in the review:
Since I automated the creation of the smaller bundles, it would seem that changing the release process has some benefits, with few drawbacks. The only "problem" I see is that this would require to postpone merging this and first:
@robertbrignull WDYT? |
marcogario
force-pushed
the
platform_lang_pkg
branch
from
2a73b54 to
7f2fa9c
Compare
|
I went ahead and prepared the changes to the process as discussed above. I think that is the most reasonable solution.
|
marcogario
force-pushed
the
platform_lang_pkg
branch
from
1bb59f4 to
77a4910
Compare
marcogario
force-pushed
the
platform_lang_pkg
branch
from
77a4910 to
8547a75
Compare
|
As discussed with @robertbrignull , this will be closed in favor of a simpler version that only accounts for platforms. |
When the action (or runner) analyzes only a single language, we download a smaller codeql bundle.
The main change here is that we now need to first detect the language and then setup codeQL. The language detection used to be a step of the
initConfigstep. We move this out and perform it beforeinitCodeQL.The changes to
setupCodeQLare meant to correctly cache the tooling. I.e., if we already have a full bundle in the cache, we should not try to download a platform-language bundle. Similarly, if we did download a platforms-language bundle, then we should not cache it as a full bundle.We extend this logic to only download the platform specific bundle, so that linux runners do not need to download a package with both windows and osx binaries.
I added this comment in the
setupCodeQLto make the flow a bit more clear:I will like to test/merge this code before merging the code to split the bundles, to ensure that it works if we do not create the platform-language packages (it should, and we have tests, but...).
Merge / deployment checklist