Fix assumption that download URLs contain file extension #2710

Merged
merged 4 commits into from
Jan 22, 2025

henrymercer
Contributor

The CodeQL Action incorrectly assumes that it can infer the compression method of a CodeQL Bundle from its URL. This works most of the time, but not in the case that a CodeQL Bundle has been synced to a GHES instance using the CodeQL Action sync tool.

This bug has not yet been released as part of a version of GHES, but affects customers using GitHub Connect to pull in more recent versions of the Action.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@Copilot Copilot bot review requested due to automatic review settings January 22, 2025 12:35
@henrymercer henrymercer requested a review from a team as a code owner January 22, 2025 12:35

Copilot encountered an error and was unable to review this pull request. You can try again, by re-requesting a review.

@henrymercer henrymercer force-pushed the henrymercer/fix-extension-assumption branch from 283dbf2 to b0814e6 Compare January 22, 2025 12:53
This is not the case when downloading the bundle from a GitHub Release synced to GHES with the CodeQL Action sync tool.
@henrymercer henrymercer force-pushed the henrymercer/fix-extension-assumption branch from b0814e6 to 20bbc8f Compare January 22, 2025 13:02
NlightNFotis
NlightNFotis previously approved these changes Jan 22, 2025
Member

@NlightNFotis NlightNFotis left a comment

Clean! Love this!

Thank you for the fix.

@henrymercer henrymercer force-pushed the henrymercer/fix-extension-assumption branch from 6ee0ea1 to 3505f81 Compare January 22, 2025 14:52
@henrymercer
Contributor Author

Fixed a merge conflict. @NlightNFotis would you mind re-reviewing? Thanks!

@henrymercer henrymercer enabled auto-merge January 22, 2025 15:12
@henrymercer henrymercer merged commit 7e4b683 into main Jan 22, 2025
267 checks passed
@henrymercer henrymercer deleted the henrymercer/fix-extension-assumption branch January 22, 2025 16:03
marcellodesales added a commit to marcellodesales/runner that referenced this pull request Jan 22, 2025
This is based on the problems reported at github/codeql-action#2705 and github/codeql-action#2400 where the base docker image doesn't include zstd compression tool. The error occurs running codeQL:

 Finished downloading CodeQL bundle to /home/runner/_work/_temp/ca3b4527-1a21-43d9-8713-81909027bb0a (11.1s).
  Extracting CodeQL bundle.
  ##[debug]Extracting to /home/runner/_work/_temp/c2146770-b178-4be5-9164-0a0e8345e244.
  tar -x --zstd --warning=no-unknown-keyword --overwrite -f /home/runner/_work/_temp/ca3b4527-1a21-43d9-8713-81909027bb0a -C /home/runner/_work/_temp/c2146770-b178-4be5-9164-0a0e8345e244
  tar (child): zstd: Cannot exec: No such file or directory
  tar (child): Error is not recoverable: exiting now
  tar: Child returned status 2
  tar: Error is not recoverable: exiting now
  ##[debug]Cleaning up extraction destination directory.
  ##[debug]Cleaned up extraction destination directory.
  ##[debug]Cleaning up CodeQL bundle archive.
  ##[debug]Cleaned up CodeQL bundle archive.
  Error: Unable to download and extract CodeQL CLI: Failed to run "tar -x --zstd --warning=no-unknown-keyword --overwrite -f /home/runner/_work/_temp/ca3b4527-1a21-43d9-8713-81909027bb0a -C /home/runner/_work/_temp/c2146770-b178-4be5-9164-0a0e8345e244". Exit code was 2 and last log line was: n/a. See the logs for more details.
  
  Details: Error: Failed to run "tar -x --zstd --warning=no-unknown-keyword --overwrite -f /home/runner/_work/_temp/ca3b4527-1a21-43d9-8713-81909027bb0a -C /home/runner/_work/_temp/c2146770-b178-4be5-9164-0a0e8345e244". Exit code was 2 and last log line was: n/a. See the logs for more details.
      at ChildProcess.<anonymous> (/home/runner/_work/_actions/github/codeql-action/v3.28.1/lib/tar.js:171:28)
      at ChildProcess.emit (node:events:519:28)
      at ChildProcess._handle.onexit (node:internal/child_process:294:12)

Why: it will drastically increase performance while downloading codeQL.

A fix was pushed to github/codeql-action#2710 but it hasn't been released. Just including zstd will guarantee to use the best compression tool other than tar.
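
Added example, not part of the pull request or the CodeQL Action's own code: one way to avoid the URL-extension assumption described above is to infer the compression method from the archive's leading magic bytes, and to check for a zstd binary before passing `--zstd` to tar. The URL, file headers and function names below are constructed for illustration.

```javascript
// Added example (not codeql-action code): choose tar flags from file content.
// Magic numbers: zstd frame = 28 B5 2F FD (RFC 8878), gzip = 1F 8B (RFC 1952).
const MAGIC = [
  { method: "zstd", bytes: [0x28, 0xb5, 0x2f, 0xfd] },
  { method: "gzip", bytes: [0x1f, 0x8b] },
];

// Fragile approach: trust the file extension in the download URL.
function compressionFromUrl(url) {
  const path = new URL(url).pathname;
  if (path.endsWith(".tar.zst")) return "zstd";
  if (path.endsWith(".tar.gz")) return "gzip";
  return undefined; // no extension in the URL: nothing to infer from
}

// Robust approach: inspect the first bytes of the downloaded archive.
function sniffCompression(header) {
  for (const { method, bytes } of MAGIC) {
    if (header.length >= bytes.length && bytes.every((b, i) => header[i] === b)) {
      return method;
    }
  }
  return undefined;
}

// Build the decompression flags for tar, failing early with a clear message
// instead of letting tar exit with "zstd: Cannot exec".
function tarExtractFlags(header, zstdAvailable) {
  const method = sniffCompression(header);
  if (method === undefined) {
    throw new Error("Unrecognised archive format: not gzip or zstd");
  }
  if (method === "zstd" && !zstdAvailable) {
    throw new Error("Archive is zstd-compressed but no zstd binary is available");
  }
  return method === "zstd" ? ["-x", "--zstd"] : ["-x", "-z"];
}

// Constructed inputs: an asset URL without an extension and two file headers.
const SAMPLE_URL = "https://ghes.example.com/api/v3/repos/org/repo/releases/assets/42";
const ZSTD_HEADER = Uint8Array.from([0x28, 0xb5, 0x2f, 0xfd, 0x04, 0x58]);
const GZIP_HEADER = Uint8Array.from([0x1f, 0x8b, 0x08, 0x00]);

console.log(compressionFromUrl(SAMPLE_URL));
console.log(tarExtractFlags(ZSTD_HEADER, true));
console.log(tarExtractFlags(GZIP_HEADER, false));
```

In a real caller, `header` would be the first four bytes read from the downloaded file and `zstdAvailable` the result of probing the runner's PATH.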
@github-actions github-actions bot mentioned this pull request Jan 22, 2025
8 tasks