diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index bf6d90fbf..0c4829339 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -11,6 +11,8 @@ env: CODEQL_ACTION_OVERLAY_ANALYSIS: true CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT: false CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT: true + CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK: false + CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS: true on: push: diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 803295c68..b753e030e 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161100,7 +161100,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -162227,6 +162227,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c1c1c5c3d..5a99e1d1f 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107976,6 +107976,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 8916f23cf..6a5998873 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -102992,7 +102992,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104276,6 +104276,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 5b7cddf17..a24252700 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -163998,7 +163998,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -165713,6 +165713,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/init-action.js b/lib/init-action.js index 5f0014c6c..cc32ddc52 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -103211,7 +103211,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -105522,6 +105522,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 00b706c24..1631f7c2c 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -102992,7 +102992,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104267,6 +104267,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 3619e223a..6f1f3261f 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103048,7 +103048,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104164,6 +104164,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 0f4656ff8..d1b828de8 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161097,7 +161097,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -161633,6 +161633,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 1b89d780b..0dbbe3691 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120956,6 +120956,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", @@ -121748,6 +121753,18 @@ var LANGUAGE_TO_REGISTRY_TYPE = { rust: ["cargo_registry"], go: ["goproxy_server", "git_source"] }; +var NEW_LANGUAGE_TO_REGISTRY_TYPE = { + actions: [], + cpp: [], + java: ["maven_repository"], + csharp: ["nuget_feed"], + javascript: [], + python: [], + ruby: [], + rust: [], + swift: [], + go: ["goproxy_server", "git_source"] +}; function getRegistryAddress(registry) { if (isDefined2(registry.url)) { return { @@ -121765,8 +121782,9 @@ function getRegistryAddress(registry) { ); } } -function getCredentials(logger, registrySecrets, registriesCredentials, language) { - const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0; +function getCredentials(logger, registrySecrets, registriesCredentials, language, skipUnusedRegistries = false) { + const registryMapping = skipUnusedRegistries ? NEW_LANGUAGE_TO_REGISTRY_TYPE : LANGUAGE_TO_REGISTRY_TYPE; + const registryTypeForLanguage = language ? registryMapping[language] : void 0; let credentialsStr; if (registriesCredentials !== void 0) { logger.info(`Using registries_credentials input.`); @@ -122263,11 +122281,15 @@ async function run(startedAt) { ); const languageInput = getOptionalInput("language"); language = languageInput ? parseLanguage(languageInput) : void 0; + const skipUnusedRegistries = await features.getValue( + "start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */ + ); const credentials = getCredentials( logger, getOptionalInput("registry_secrets"), getOptionalInput("registries_credentials"), - language + language, + skipUnusedRegistries ); if (credentials.length === 0) { logger.info("No credentials found, skipping proxy setup."); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index ec150efc9..b3d35b747 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -107423,6 +107423,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 222e82137..b3802f733 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161097,7 +161097,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -161795,6 +161795,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 02eff7d78..c41ee0c1a 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -107137,6 +107137,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/src/api-compatibility.json b/src/api-compatibility.json index b61bbd26d..2e55b9ad7 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.20", "minimumVersion": "3.14"} +{"maximumVersion": "3.21", "minimumVersion": "3.14"} diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 546d2e0ff..c77bd794f 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -62,21 +62,29 @@ export enum Feature { OverlayAnalysisCodeScanningSwift = "overlay_analysis_code_scanning_swift", OverlayAnalysisCpp = "overlay_analysis_cpp", OverlayAnalysisCsharp = "overlay_analysis_csharp", + /** Controls whether the Actions cache is checked for overlay build outcomes. */ OverlayAnalysisStatusCheck = "overlay_analysis_status_check", + /** Controls whether overlay build failures on are stored in the Actions cache. */ OverlayAnalysisStatusSave = "overlay_analysis_status_save", OverlayAnalysisGo = "overlay_analysis_go", OverlayAnalysisJava = "overlay_analysis_java", OverlayAnalysisJavascript = "overlay_analysis_javascript", OverlayAnalysisPython = "overlay_analysis_python", + /** + * Controls whether lower disk space requirements are used for overlay hardware checks. + * Has no effect if `OverlayAnalysisSkipResourceChecks` is enabled. + */ OverlayAnalysisResourceChecksV2 = "overlay_analysis_resource_checks_v2", OverlayAnalysisRuby = "overlay_analysis_ruby", OverlayAnalysisRust = "overlay_analysis_rust", + /** Controls whether hardware checks are skipped for overlay analysis. */ OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks", OverlayAnalysisSwift = "overlay_analysis_swift", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", QaTelemetryEnabled = "qa_telemetry_enabled", /** Note that this currently only disables baseline file coverage information. */ SkipFileCoverageOnPrs = "skip_file_coverage_on_prs", + StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries", StartProxyUseFeaturesRelease = "start_proxy_use_features_release", UploadOverlayDbToApi = "upload_overlay_db_to_api", UseRepositoryProperties = "use_repository_properties_v2", @@ -328,6 +336,11 @@ export const featureConfig = { // cannot be found when interpreting results. minimumVersion: undefined, }, + [Feature.StartProxyRemoveUnusedRegistries]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: undefined, + }, [Feature.StartProxyUseFeaturesRelease]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/src/overlay/index.test.ts b/src/overlay/index.test.ts index a80501aab..8e92a69e2 100644 --- a/src/overlay/index.test.ts +++ b/src/overlay/index.test.ts @@ -209,14 +209,14 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ title: (_, title) => `downloadOverlayBaseDatabaseFromCache: ${title}`, }); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns stats when successful", {}, true, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when mode is OverlayDatabaseMode.OverlayBase", { @@ -225,7 +225,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when mode is OverlayDatabaseMode.None", { @@ -234,7 +234,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when caching is disabled", { @@ -243,7 +243,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined in test mode", { @@ -252,7 +252,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when cache miss", { @@ -261,7 +261,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when download fails", { @@ -270,7 +270,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when downloaded database is invalid", { @@ -279,7 +279,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when downloaded database doesn't have an overlayBaseSpecifier", { @@ -288,7 +288,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when resolving database metadata fails", { @@ -297,7 +297,7 @@ test( false, ); -test( +test.serial( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when filesystem error occurs", { diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 438d565ae..29c76643e 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -5,7 +5,7 @@ import * as core from "@actions/core"; import * as actionsUtil from "./actions-util"; import { getGitHubVersion } from "./api-client"; -import { FeatureEnablement, initFeatures } from "./feature-flags"; +import { Feature, FeatureEnablement, initFeatures } from "./feature-flags"; import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { getRepositoryNwo } from "./repository"; @@ -58,12 +58,18 @@ async function run(startedAt: Date) { const languageInput = actionsUtil.getOptionalInput("language"); language = languageInput ? parseLanguage(languageInput) : undefined; + // Query the FF for whether we should use the reduced registry mapping. + const skipUnusedRegistries = await features.getValue( + Feature.StartProxyRemoveUnusedRegistries, + ); + // Get the registry configurations from one of the inputs. const credentials = getCredentials( logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), language, + skipUnusedRegistries, ); if (credentials.length === 0) { diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 890c5fc5c..a4dd8d589 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -359,6 +359,38 @@ test.serial( }, ); +test.serial( + "getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE", + async (t) => { + const credentialsInput = toEncodedJSON(mixedCredentials); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + KnownLanguage.actions, + false, + ); + t.is(credentials.length, mixedCredentials.length); + }, +); + +test.serial( + "getCredentials returns no credentials for Actions when using NEW_LANGUAGE_TO_REGISTRY_TYPE", + async (t) => { + const credentialsInput = toEncodedJSON(mixedCredentials); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + KnownLanguage.actions, + true, + ); + t.deepEqual(credentials, []); + }, +); + test.serial("parseLanguage", async (t) => { // Exact matches t.deepEqual(parseLanguage("csharp"), KnownLanguage.csharp); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 7ed466a41..60d0afbc6 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -224,7 +224,9 @@ function isPAT(value: string) { ]); } -const LANGUAGE_TO_REGISTRY_TYPE: Partial> = { +type RegistryMapping = Partial>; + +const LANGUAGE_TO_REGISTRY_TYPE: RegistryMapping = { java: ["maven_repository"], csharp: ["nuget_feed"], javascript: ["npm_registry"], @@ -234,6 +236,19 @@ const LANGUAGE_TO_REGISTRY_TYPE: Partial> = { go: ["goproxy_server", "git_source"], } as const; +const NEW_LANGUAGE_TO_REGISTRY_TYPE: Required = { + actions: [], + cpp: [], + java: ["maven_repository"], + csharp: ["nuget_feed"], + javascript: [], + python: [], + ruby: [], + rust: [], + swift: [], + go: ["goproxy_server", "git_source"], +} as const; + /** * Extracts an `Address` value from the given `Registry` value by determining whether it has * a `url` value, or no `url` value but a `host` value. @@ -267,9 +282,13 @@ export function getCredentials( registrySecrets: string | undefined, registriesCredentials: string | undefined, language: KnownLanguage | undefined, + skipUnusedRegistries: boolean = false, ): Credential[] { + const registryMapping = skipUnusedRegistries + ? NEW_LANGUAGE_TO_REGISTRY_TYPE + : LANGUAGE_TO_REGISTRY_TYPE; const registryTypeForLanguage = language - ? LANGUAGE_TO_REGISTRY_TYPE[language] + ? registryMapping[language] : undefined; let credentialsStr: string;