fix(sbom-tools): allow CodeQL report fetching for PR heads (#343)
Github runs CodeQL on PR merge commits, not PR head commits, so we need a way
to identify the CodeQL runs for those merge refs. Do that by accepting a PR
number as an environment variable.
addaleax authored Jun 5, 2024
1 parent 44624b7 commit cedcba6
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions packages/sbom-tools/src/commands/fetch-codeql-results.ts
Expand Up @@ -17,6 +17,7 @@ type ResolvedCommitInformation = {
repo: string;
forPackage?: string;
commit: string;
alternativeRef?: string;
};

type UnresolvedRepoInformation = Omit<ResolvedCommitInformation, 'commit'> &
Expand All @@ -25,7 +26,7 @@ type UnresolvedRepoInformation = Omit<ResolvedCommitInformation, 'commit'> &
// Get CodeQL SARIF reports for a single commit in a single repository
async function getSingleCommitSarif(
octokit: Octokit,
{ owner, repo, commit }: ResolvedCommitInformation
{ owner, repo, commit, alternativeRef }: ResolvedCommitInformation
): Promise<unknown[]> {
const reportIds = new Set<number>();
for (let page = 0; ; page++) {
Expand All @@ -36,7 +37,7 @@ async function getSingleCommitSarif(
});
const previousPageAlreadyHadSomeData = reportIds.size > 0;
for (const item of data) {
if (item.commit_sha === commit) {
if (item.commit_sha === commit || item.ref === alternativeRef) {
reportIds.add(item.id);
}
}
Expand Down Expand Up @@ -183,11 +184,17 @@ async function getCurrentRepo(): Promise<ResolvedCommitInformation> {
encoding: 'utf8',
})
).stdout.trim();

let alternativeRef;
if (process.env.GITHUB_PR_NUMBER) {
alternativeRef = `refs/pull/${process.env.GITHUB_PR_NUMBER}/merge`;
}

const repo = repoForPackageJSON(
JSON.parse(await fs.readFile('package.json', 'utf8')),
'<root>'
);
return { ...repo, commit };
return { ...repo, commit, alternativeRef };
}

export async function fetchCodeQLResults(
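Review bot: The new `item.ref === alternativeRef` test in getSingleCommitSarif does not look at `commit_sha`, so every analysis recorded for `refs/pull/N/merge` is collected, which presumably includes analyses of earlier merge commits if the PR was pushed to more than once; whether that is intended should be stated on that line, e.g. `// merge-ref match is deliberate: the PR merge commit sha is not known locally, so older merge-commit analyses of the same PR may be included too`. If only the newest merge commit is wanted, the loop could remember the first `commit_sha` seen for `alternativeRef` and accept further ref matches only with that sha, since the hunk gives no other way to tell them apart. In getCurrentRepo, `GITHUB_PR_NUMBER` is, as far as these hunks show, only interpolated into a string compared with the API's `ref` field and never sent to GitHub, so a non-numeric value simply never matches; a comment saying so would save the next reader from checking, and a `/^\d+$/` test would make the failure explicit rather than silent. Both getSingleCommitSarif and getCurrentRepo continue outside the hunks.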
