Merge pull request #2 from github/send-tool-names

kevinsawicki · web-flow · commit bbc0dc88fba0 · 2020-04-29T12:22:18.000-07:00
Send tool names to upload endpoint
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -1,7 +1,7 @@
 ### Merge / deployment checklist
 
-- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in otehr repos!
+- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in other repos!
   - [ ] CodeQL using init/finish actions
   - [ ] 3rd party tool using upload action
 - [ ] Confirm this change is backwards compatible with existing workflows.
-- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.
+- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.
diff --git a/lib/upload-lib.js b/lib/upload-lib.js
diff --git a/lib/util.js b/lib/util.js
diff --git a/src/testdata/tool-names.sarif b/src/testdata/tool-names.sarif
@@ -0,0 +1,41 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "CodeQL command-line toolchain"
+        }
+      }
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": "CodeQL command-line toolchain"
+        }
+      }
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": "ESLint"
+        }
+      }
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": ""
+        }
+      }
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": null
+        }
+      }
+    }
+  ]
+}
diff --git a/src/upload-lib.ts b/src/upload-lib.ts
@@ -98,6 +98,8 @@ async function uploadFiles(sarifFiles: string[]) {
             matrix = undefined;
         }
 
+        const toolNames = util.getToolNames(sarifPayload);
+
         const payload = JSON.stringify({
             "commit_oid": commitOid,
             "ref": ref,
@@ -106,7 +108,8 @@ async function uploadFiles(sarifFiles: string[]) {
             "workflow_run_id": workflowRunID,
             "checkout_uri": checkoutURI,
             "environment": matrix,
-            "started_at": startedAt
+            "started_at": startedAt,
+            "tool_names": toolNames,
         });
 
         core.info('Uploading results');
diff --git a/src/util.test.ts b/src/util.test.ts
@@ -0,0 +1,9 @@
+import * as fs from 'fs';
+
+import * as util from './util';
+
+test('getToolNames', () => {
+  const input = fs.readFileSync(__dirname + '/testdata/tool-names.sarif', 'utf8')
+  const toolNames = util.getToolNames(input);
+  expect(toolNames).toStrictEqual(["CodeQL command-line toolchain", "ESLint"])
+})
diff --git a/src/util.ts b/src/util.ts
@@ -293,3 +293,23 @@ export async function reportActionFailed(action: string, cause?: string, excepti
 export async function reportActionSucceeded(action: string) {
     await sendStatusReport(await createStatusReport(action, 'success'));
 }
+
+/**
+ * Get the array of all the tool names contained in the given sarif contents.
+ *
+ * Returns an array of unique string tool names.
+ */
+export function getToolNames(sarifContents: string): string[] {
+    const sarif = JSON.parse(sarifContents);
+    const toolNames = {};
+
+    for (const run of sarif.runs || []) {
+        const tool = run.tool || {};
+        const driver = tool.driver || {};
+        if (typeof driver.name === "string" && driver.name.length > 0) {
+            toolNames[driver.name] = true;
+        }
+    }
+
+    return Object.keys(toolNames);
+}
