diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js
index fe47faa57..b7ee97d89 100644
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -128728,6 +128728,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}` ); } + if (process.platform === "win32") { + throw new Error("Scanning archives is not supported on Windows."); + } const result = { scannedFiles: 0, findings: []
diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index 93d18db70..57d7534f8 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -133650,6 +133650,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}` ); } + if (process.platform === "win32") { + throw new Error("Scanning archives is not supported on Windows."); + } const result = { scannedFiles: 0, findings: []
diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js
index 9c40cb5e6..414118377 100644
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -127590,6 +127590,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}` ); } + if (process.platform === "win32") { + throw new Error("Scanning archives is not supported on Windows."); + } const result = { scannedFiles: 0, findings: []
diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js
index 12d1b216c..cce51af70 100644
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -127577,6 +127577,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}` ); } + if (process.platform === "win32") { + throw new Error("Scanning archives is not supported on Windows."); + } const result = { scannedFiles: 0, findings: []
diff --git a/package.json b/package.json
index 6cdc0f800..d7811a17d 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
 "description": "CodeQL action",
 "scripts": {
 "_build_comment": "echo 'Run the full build so we typecheck the project and can reuse the transpiled files in npm test'",
- "build": "./scripts/check-node-modules.sh && npm run transpile && node build.mjs && npx tsx ./pr-checks/bundle-metadata.ts",
+ "build": "./scripts/check-node-modules.sh && npm run transpile && node build.mjs",
 "lint": "eslint --report-unused-disable-directives --max-warnings=0 .",
 "lint-ci": "SARIF_ESLINT_IGNORE_SUPPRESSED=true eslint --report-unused-disable-directives --max-warnings=0 . --format @microsoft/eslint-formatter-sarif --output-file=eslint.sarif",
 "lint-fix": "eslint --report-unused-disable-directives --max-warnings=0 . --fix",
diff --git a/src/artifact-scanner.test.ts b/src/artifact-scanner.test.ts
index d2ecd18e2..6f68e647d 100644
--- a/src/artifact-scanner.test.ts
+++ b/src/artifact-scanner.test.ts
@@ -141,7 +141,12 @@ test("scanArtifactsForTokens handles files without tokens", async (t) => {
 }
 });
-if (os.platform() !== "win32") {
+// This test is slow (extracts and scans a zip artifact), so by default we only run it in CI. Set
+// RUN_SLOW_TESTS=1 to run it locally.
+if (
+ os.platform() !== "win32" &&
+ (process.env.CI === "true" || process.env.RUN_SLOW_TESTS === "1")
+) {
 test("scanArtifactsForTokens finds token in debug artifacts", async (t) => {
 t.timeout(15000); // 15 seconds
 const messages: LoggedMessage[] = [];
diff --git a/src/artifact-scanner.ts b/src/artifact-scanner.ts
index 90c424197..5f238811a 100644
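Review bot: In src/artifact-scanner.test.ts the new condition leaves the "finds token in debug artifacts" test unregistered on a local run, so the runner reports nothing as skipped and a regression in token detection would first surface in CI. Registering the test in both cases and skipping it when neither variable is set keeps it visible, e.g. `const slowTest = process.env.CI === "true" || process.env.RUN_SLOW_TESTS === "1" ? test : test.skip;`, assuming the runner offers a skip form as AVA does. The `if` block continues past the end of the hunk, so the rest of the test body is not visible here.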
--- a/src/artifact-scanner.ts
+++ b/src/artifact-scanner.ts
@@ -156,6 +156,10 @@ async function scanArchiveFile(
 );
 }
+ if (process.platform === "win32") {
+ throw new Error("Scanning archives is not supported on Windows.");
+ }
+
 const result: ScanResult = {
 scannedFiles: 0,
 findings: [],
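Review bot: The Windows guard added to `scanArchiveFile` in src/artifact-scanner.ts throws without saying why archives cannot be scanned there, and the hunk does not show how callers treat the error. If a caller catches it and carries on, archives inside debug artifacts from Windows runners would be uploaded without a token scan, so that path should log a warning naming the skipped archive rather than look like a clean result. I would add a comment above the check, e.g. `// Archive scanning is unsupported on Windows (reason: <not stated in this commit>); throw so an unscanned archive is never treated as clean.` The function starts and ends outside the hunk, and the same guard appears in the four bundled lib/*-action-post.js hunks, which look like build output of this file.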