[macOS] Added CodeQL Action Bundle to macOS 11 and macOS 12 (#6068)

* [macOS] CodeQL Action Bundle added to macOS 11 and 12 images * [macOS] Added CodeQL Action Bundle to macOS 11 and macOS 12 * [macOS] Added CodeQL Action Bundle to macOS 11 and macOS 12
2025-12-12 20:26:49 +00:00 · 2022-08-15 19:36:32 +02:00
parent b135fb8a59
commit c25ce452cb
8 changed files with 50 additions and 5 deletions
--- a/images/macos/provision/core/codeql-bundle.sh
+++ b/images/macos/provision/core/codeql-bundle.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -e -o pipefail
+source ~/utils/utils.sh
+
+# Retrieve the name of the CodeQL bundle preferred by the Action (in the format codeql-bundle-YYYYMMDD).
+codeql_bundle_name="$(curl -sSL https://raw.githubusercontent.com/github/codeql-action/v2/src/defaults.json | jq -r .bundleVersion)"
+# Convert the bundle name to a version number (0.0.0-YYYYMMDD).
+codeql_bundle_version="0.0.0-${codeql_bundle_name##*-}"
+
+echo "Downloading CodeQL bundle $codeql_bundle_version..."
+download_with_retries "https://github.com/github/codeql-action/releases/download/$codeql_bundle_name/codeql-bundle.tar.gz" "/tmp" "codeql-bundle.tar.gz"
+codeqlArchive="/tmp/codeql-bundle.tar.gz"
+
+codeqlToolcachePath="$AGENT_TOOLSDIRECTORY/codeql/$codeql_bundle_version/x64"
+mkdir -p $codeqlToolcachePath
+
+echo "Unpacking the downloaded CodeQL bundle archive..."
+tar -xzf $codeqlArchive -C $codeqlToolcachePath
+
+# Touch a special file that indicates to the CodeQL Action that this bundle was baked-in to the hosted runner images.
+touch "$codeqlToolcachePath/pinned-version"
+
+# Touch a file to indicate to the toolcache that setting up CodeQL is complete.
+touch "$codeqlToolcachePath.complete"
--- a/images/macos/software-report/SoftwareReport.Common.psm1
+++ b/images/macos/software-report/SoftwareReport.Common.psm1
@@ -585,3 +585,11 @@ function Build-GraalVMTable {
        "Environment variables" = $envVariables
    }
 }
+
+function Get-CodeQLBundleVersion {
+    $CodeQLVersionWildcard = Join-Path $Env:AGENT_TOOLSDIRECTORY -ChildPath "CodeQL" | Join-Path -ChildPath "*"
+    $CodeQLVersionPath = Get-ChildItem $CodeQLVersionWildcard | Select-Object -First 1 -Expand FullName
+    $CodeQLPath = Join-Path $CodeQLVersionPath -ChildPath "x64" | Join-Path -ChildPath "codeql" | Join-Path -ChildPath "codeql"
+    $CodeQLVersion = & $CodeQLPath version --quiet
+    return "CodeQL Action Bundle $CodeQLVersion"
+}
--- a/images/macos/software-report/SoftwareReport.Generator.ps1
+++ b/images/macos/software-report/SoftwareReport.Generator.ps1
@@ -159,7 +159,8 @@ $toolsList = @(
    (Get-AzureDevopsVersion),
    (Get-AWSCLIVersion),
    (Get-AWSSAMCLIVersion),
-    (Get-AWSSessionManagerCLIVersion)
+    (Get-AWSSessionManagerCLIVersion),
+    (Get-CodeQLBundleVersion)
 )

 if ($os.IsLessThanMonterey) {
--- a/images/macos/templates/macOS-11.anka.pkr.hcl
+++ b/images/macos/templates/macOS-11.anka.pkr.hcl
@@ -212,7 +212,8 @@ build {
      "./provision/core/pypy.sh",
      "./provision/core/pipx-packages.sh",
      "./provision/core/bicep.sh",
-      "./provision/core/graalvm.sh"
+      "./provision/core/graalvm.sh",
+      "./provision/core/codeql-bundle.sh"
    ]
    environment_vars = [
      "API_PAT=${var.github_api_pat}"
--- a/images/macos/templates/macOS-11.json
+++ b/images/macos/templates/macOS-11.json
@@ -207,7 +207,8 @@
                "./provision/core/pypy.sh",
                "./provision/core/pipx-packages.sh",
                "./provision/core/bicep.sh",
-                "./provision/core/graalvm.sh"
+                "./provision/core/graalvm.sh",
+                "./provision/core/codeql-bundle.sh"
            ],
            "environment_vars": [
                "API_PAT={{user `github_api_pat`}}"
--- a/images/macos/templates/macOS-12.anka.pkr.hcl
+++ b/images/macos/templates/macOS-12.anka.pkr.hcl
@@ -213,7 +213,8 @@ build {
      "./provision/core/pypy.sh",
      "./provision/core/pipx-packages.sh",
      "./provision/core/bicep.sh",
-      "./provision/core/graalvm.sh"
+      "./provision/core/graalvm.sh",
+      "./provision/core/codeql-bundle.sh"
    ]
    environment_vars = [
      "API_PAT=${var.github_api_pat}"
--- a/images/macos/templates/macOS-12.json
+++ b/images/macos/templates/macOS-12.json
@@ -208,7 +208,8 @@
                "./provision/core/pypy.sh",
                "./provision/core/pipx-packages.sh",
                "./provision/core/bicep.sh",
-                "./provision/core/graalvm.sh"
+                "./provision/core/graalvm.sh",
+                "./provision/core/codeql-bundle.sh"
            ],
            "environment_vars": [
                "API_PAT={{user `github_api_pat`}}"
--- a/images/macos/tests/Common.Tests.ps1
+++ b/images/macos/tests/Common.Tests.ps1
@@ -138,3 +138,12 @@ Describe "VirtualBox" -Skip:($os.IsBigSur) {
        kextstat | Out-String | Should -Match "org.virtualbox.kext"
    }
 }
+
+Describe "CodeQL Action Bundle" {
+    It "codeql" {
+        $CodeQLVersionWildcard = Join-Path $Env:AGENT_TOOLSDIRECTORY -ChildPath "CodeQL" | Join-Path -ChildPath "*"
+        $CodeQLVersionPath = Get-ChildItem $CodeQLVersionWildcard | Select-Object -First 1 -Expand FullName
+        $CodeQLPath = Join-Path $CodeQLVersionPath -ChildPath "x64" | Join-Path -ChildPath "codeql" | Join-Path -ChildPath "codeql"
+        "$CodeQLPath version --quiet" | Should -ReturnZeroExitCode
+    }
+}