diff --git a/images/linux/scripts/SoftwareReport/SoftwareReport.Generator.ps1 b/images/linux/scripts/SoftwareReport/SoftwareReport.Generator.ps1
index e9e6747f..0aef771b 100644
--- a/images/linux/scripts/SoftwareReport/SoftwareReport.Generator.ps1
+++ b/images/linux/scripts/SoftwareReport/SoftwareReport.Generator.ps1
@@ -103,7 +103,7 @@ $tools.AddToolVersion("Bazelisk", $(Get-BazeliskVersion))
 $tools.AddToolVersion("Bicep", $(Get-BicepVersion))
 $tools.AddToolVersion("Buildah", $(Get-BuildahVersion))
 $tools.AddToolVersion("CMake", $(Get-CMakeVersion))
-$tools.AddToolVersion("CodeQL Action Bundles", $(Get-CodeQLBundleVersions))
+$tools.AddToolVersion("CodeQL Action Bundle", $(Get-CodeQLBundleVersion))
 $tools.AddToolVersion("Docker Amazon ECR Credential Helper", $(Get-DockerAmazonECRCredHelperVersion))
 $tools.AddToolVersion("Docker Compose v1", $(Get-DockerComposeV1Version))
 $tools.AddToolVersion("Docker Compose v2", $(Get-DockerComposeV2Version))
diff --git a/images/linux/scripts/SoftwareReport/SoftwareReport.Tools.psm1 b/images/linux/scripts/SoftwareReport/SoftwareReport.Tools.psm1
index 3f888248..fab8249a 100644
--- a/images/linux/scripts/SoftwareReport/SoftwareReport.Tools.psm1
+++ b/images/linux/scripts/SoftwareReport/SoftwareReport.Tools.psm1
@@ -30,17 +30,12 @@ function Get-BicepVersion {
 return $Matches.Version
 }
 
-function Get-CodeQLBundleVersions {
+function Get-CodeQLBundleVersion {
 $CodeQLVersionsWildcard = Join-Path $Env:AGENT_TOOLSDIRECTORY -ChildPath "CodeQL" | Join-Path -ChildPath "*"
- $CodeQLVersionPaths = Get-ChildItem $CodeQLVersionsWildcard
- $CodeQlVersions=@()
- foreach ($CodeQLVersionPath in $CodeQLVersionPaths) {
- $FullCodeQLVersionPath = $CodeQLVersionPath | Select-Object -Expand FullName
- $CodeQLPath = Join-Path $FullCodeQLVersionPath -ChildPath "x64" | Join-Path -ChildPath "codeql" | Join-Path -ChildPath "codeql"
- $CodeQLVersion = & $CodeQLPath version --quiet
- $CodeQLVersions += $CodeQLVersion
- }
- return $CodeQLVersions
+ $CodeQLVersionPath = Get-ChildItem $CodeQLVersionsWildcard | Select-Object -First 1 -Expand FullName
+ $CodeQLPath = Join-Path $CodeQLVersionPath -ChildPath "x64" | Join-Path -ChildPath "codeql" | Join-Path -ChildPath "codeql"
+ $CodeQLVersion = & $CodeQLPath version --quiet
+ return $CodeQLVersion
 }
 
 function Get-PodManVersion {
diff --git a/images/linux/scripts/installers/codeql-bundle.sh b/images/linux/scripts/installers/codeql-bundle.sh
index 23daa4ef..3b62955c 100644
--- a/images/linux/scripts/installers/codeql-bundle.sh
+++ b/images/linux/scripts/installers/codeql-bundle.sh
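Review bot: `Select-Object -First 1` in Get-CodeQLBundleVersion takes whichever entry Get-ChildItem happens to return first, so the software report can name a different version from the one actually in use if the toolcache ever holds more than one CodeQL directory. When nothing matches, `$CodeQLVersionPath` is null and the following Join-Path fails with an unrelated binding error. Consumers read this report to learn which CodeQL version an image carries, so I would fail explicitly unless exactly one bundle is present: `$paths = @(Get-ChildItem $CodeQLVersionsWildcard -Directory)` followed by `if ($paths.Count -ne 1) { throw "Expected exactly one CodeQL bundle in the toolcache, found $($paths.Count)" }`.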
@@ -6,68 +6,26 @@
 
 source $HELPER_SCRIPTS/install.sh
 
-# Retrieve the CLI versions and bundle tags of the latest two CodeQL bundles.
+# Retrieve the CLI version of the latest CodeQL bundle.
 base_url="$(curl -fsSL https://raw.githubusercontent.com/github/codeql-action/v2/src/defaults.json)"
-codeql_tag_name="$(echo "$base_url" | jq -r '.bundleVersion')"
-codeql_cli_version="$(echo "$base_url" | jq -r '.cliVersion')"
-prior_codeql_tag_name="$(echo "$base_url" | jq -r '.priorBundleVersion')"
-prior_codeql_cli_version="$(echo "$base_url" | jq -r '.priorCliVersion')"
+bundle_version="$(echo "$base_url" | jq -r '.cliVersion')"
+bundle_tag_name="codeql-bundle-v$bundle_version"
 
-# Compute the toolcache version number for each bundle. This is either `x.y.z` or `x.y.z-YYYYMMDD`.
-if [[ "${codeql_tag_name##*-}" == "v"* ]]; then
- # Tag name of the format `codeql-bundle-vx.y.z`, where x.y.z is the CLI version.
- # We don't need to include the tag name in the toolcache version number because it's derivable
- # from the CLI version.
- codeql_bundle_version="$codeql_cli_version"
-elif [[ "${codeql_tag_name##*-}" =~ ^[0-9]+$ ]]; then
- # Tag name of the format `codeql-bundle-YYYYMMDD`.
- # We need to include the tag name in the toolcache version number because it can't be derived
- # from the CLI version.
- codeql_bundle_version="$codeql_cli_version-${codeql_tag_name##*-}"
-else
- echo "Unrecognised current CodeQL bundle tag name: $codeql_tag_name." \
- "Could not compute toolcache version number."
- exit 1
-fi
-if [[ "${prior_codeql_tag_name##*-}" == "v"* ]]; then
- # Tag name of the format `codeql-bundle-vx.y.z`, where x.y.z is the CLI version.
- # We don't need to include the tag name in the toolcache version number because it's derivable
- # from the CLI version.
- prior_codeql_bundle_version="$prior_codeql_cli_version"
-elif [[ "${prior_codeql_tag_name##*-}" =~ ^[0-9]+$ ]]; then
- # Tag name of the format `codeql-bundle-YYYYMMDD`.
- # We need to include the tag name in the toolcache version number because it can't be derived
- # from the CLI version.
- prior_codeql_bundle_version="$prior_codeql_cli_version-${prior_codeql_tag_name##*-}"
-else
- echo "Unrecognised prior CodeQL bundle tag name: $prior_codeql_tag_name." \
- "Could not compute toolcache version number."
- exit 1
-fi
+echo "Downloading CodeQL bundle $bundle_version..."
+# Note that this is the all-platforms CodeQL bundle, to support scenarios where customers run
+# different operating systems within containers.
+download_with_retries "https://github.com/github/codeql-action/releases/download/$bundle_tag_name/codeql-bundle.tar.gz" "/tmp" "codeql-bundle.tar.gz"
+codeql_archive="/tmp/codeql-bundle.tar.gz"
 
-# Download and name both CodeQL bundles.
-codeql_bundle_versions=("${codeql_bundle_version}" "${prior_codeql_bundle_version}")
-codeql_tag_names=("${codeql_tag_name}" "${prior_codeql_tag_name}")
+codeql_toolcache_path="$AGENT_TOOLSDIRECTORY/CodeQL/$bundle_version/x64"
+mkdir -p "$codeql_toolcache_path"
 
-for index in "${!codeql_bundle_versions[@]}"; do
- bundle_version="${codeql_bundle_versions[$index]}"
- bundle_tag_name="${codeql_tag_names[$index]}"
-
- echo "Downloading CodeQL bundle $bundle_version..."
- download_with_retries "https://github.com/github/codeql-action/releases/download/$bundle_tag_name/codeql-bundle.tar.gz" "/tmp" "codeql-bundle.tar.gz"
- codeql_archive="/tmp/codeql-bundle.tar.gz"
+echo "Unpacking the downloaded CodeQL bundle archive..."
+tar -xzf "$codeql_archive" -C "$codeql_toolcache_path"
 
- codeql_toolcache_path="$AGENT_TOOLSDIRECTORY/CodeQL/$bundle_version/x64"
- mkdir -p "$codeql_toolcache_path"
+# Touch a file to indicate to the CodeQL Action that this bundle shipped with the toolcache. This is
+# to support overriding the CodeQL version specified in defaults.json on GitHub Enterprise.
+touch "$codeql_toolcache_path/pinned-version"
 
- echo "Unpacking the downloaded CodeQL bundle archive..."
- tar -xzf "$codeql_archive" -C "$codeql_toolcache_path"
-
- # We only pin the latest version in the toolcache, to support overriding the CodeQL version specified in defaults.json on GitHub Enterprise.
- if [[ "$bundle_version" == "$codeql_bundle_version" ]]; then
- touch "$codeql_toolcache_path/pinned-version"
- fi
-
- # Touch a file to indicate to the toolcache that setting up CodeQL is complete.
- touch "$codeql_toolcache_path.complete"
-done
+# Touch a file to indicate to the toolcache that setting up CodeQL is complete.
+touch "$codeql_toolcache_path.complete"
diff --git a/images/linux/scripts/tests/Toolset.Tests.ps1 b/images/linux/scripts/tests/Toolset.Tests.ps1
index 981d6093..2ac3e12b 100644
--- a/images/linux/scripts/tests/Toolset.Tests.ps1
+++ b/images/linux/scripts/tests/Toolset.Tests.ps1
@@ -60,20 +60,7 @@ Describe "Toolset" {
 }
 }
 }
-
- # Validate that there are two versions of CodeQL included.
- if ($toolName -eq "CodeQL") {
- $foundPriorVersion = Get-Item $expectedVersionPath `
- | Sort-Object -Property {[SemVer]$_.name} -Descending `
- | Select-Object -Last 1
- $foundPriorVersionPath = Join-Path $foundPriorVersion $tool.arch
-
- $priorExecutablePath = Join-Path $foundPriorVersionPath "codeql/codeql"
- It "Validate prior version of codeql/codeql" -TestCases @{PriorExecutablePath = $priorExecutablePath} {
- $PriorExecutablePath | Should -Exist
- }
- }
 }
 }
 }
-}
\ No newline at end of file
+}
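Review bot: `bundle_version` comes straight from `jq -r '.cliVersion'` and is then used to build both the release URL and the toolcache path, with nothing checking that it is a version string; the tag-format validation in the removed lines has no replacement. If the key is missing, jq prints `null`, and any other unexpected value ends up in `$AGENT_TOOLSDIRECTORY/CodeQL/$bundle_version/x64`. I would add `[[ "$bundle_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "Unexpected CodeQL CLI version: $bundle_version"; exit 1; }` right after the assignment (assuming CLI versions stay in the `x.y.z` form the old comments describe). Separately, the version is read from the mutable `v2` branch and the archive is unpacked into the image toolcache with no integrity check visible in this hunk. If the release publishes a digest, or the build can pin one, verifying it before `tar -xzf` would make a tampered or truncated download fail the build instead of shipping in the image.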