Apply path exclusions to default paths in actions extractor

2025-12-17 01:03:14 +01:00 · 2025-03-03 02:53:35 -05:00
parent 2f2c9f8943
commit a2ec4d20b1
2 changed files with 53 additions and 22 deletions
--- a/actions/extractor/tools/autobuild-impl.ps1
+++ b/actions/extractor/tools/autobuild-impl.ps1
@@ -1,24 +1,39 @@
-if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
-    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
-} else {
-    Write-Output 'No path filters set. Using the default filters.'
-    # Note: We're adding the `reusable_workflows` subdirectories to proactively
-    # record workflows that were called cross-repo, check them out locally,
-    # and enable an interprocedural analysis across the workflow files.
-    # These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
-    $DefaultPathFilters = @(
-        'exclude:**/*',
-        'include:.github/workflows/*.yml',
-        'include:.github/workflows/*.yaml',
-        'include:.github/reusable_workflows/**/*.yml',
-        'include:.github/reusable_workflows/**/*.yaml',
-        'include:**/action.yml',
-        'include:**/action.yaml'
-    )
+# Note: We're adding the `reusable_workflows` subdirectories to proactively
+# record workflows that were called cross-repo, check them out locally,
+# and enable an interprocedural analysis across the workflow files.
+# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
+$DefaultPathFilters = @(
+    'exclude:**/*',
+    'include:.github/workflows/*.yml',
+    'include:.github/workflows/*.yaml',
+    'include:.github/reusable_workflows/**/*.yml',
+    'include:.github/reusable_workflows/**/*.yaml',
+    'include:**/action.yml',
+    'include:**/action.yaml'
+)

-    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
+Write-Output "Initial 'LGTM_INDEX_INCLUDE':"
+Write-Output $env:LGTM_INDEX_INCLUDE
+Write-Output "Initial 'LGTM_INDEX_EXCLUDE':"
+Write-Output $env:LGTM_INDEX_EXCLUDE
+Write-Output "Initial 'LGTM_INDEX_FILTERS':"
+Write-Output $env:LGTM_INDEX_FILTERS
+
+# If the user has specified any paths to include, we will scan those paths as-is.
+# If the user has only specified paths to exclude, or has not specified any paths at all,
+# we will scan the default paths, but apply the user-specified exclusions to them.
+if ($null -ne $env:LGTM_INDEX_INCLUDE) {
+    Write-Output "'LGTM_INDEX_INCLUDE' set. Passing all path inclusions, exclusions, and filters through to the JavaScript extractor."
+} elseif ($env:LGTM_INDEX_FILTERS -match '(?m)include:') {
+    Write-Output "'LGTM_INDEX_FILTERS' contains at least one 'include:' filter. Passing all path inclusions, exclusions, and filters through to the JavaScript extractor."
+} else {
+    Write-Output "'LGTM_INDEX_FILTERS' contains no 'include:' filters. Using the default path filters, with any user-specified exclusions applied."
+    $env:LGTM_INDEX_FILTERS = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS
 }

+Write-Output "Final 'LGTM_INDEX_FILTERS':"
+Write-Output $env:LGTM_INDEX_FILTERS
+
 # Find the JavaScript extractor directory via `codeql resolve extractor`.
 $CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
--- a/actions/extractor/tools/autobuild.sh
+++ b/actions/extractor/tools/autobuild.sh
@@ -17,14 +17,30 @@ include:**/action.yaml
 END
 )

-if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
-    echo "Path filters set. Passing them through to the JavaScript extractor."
+echo "Initial 'LGTM_INDEX_INCLUDE':"
+echo ${LGTM_INDEX_INCLUDE:-}
+echo "Initial 'LGTM_INDEX_EXCLUDE':"
+echo ${LGTM_INDEX_EXCLUDE:-}
+echo "Initial 'LGTM_INDEX_FILTERS':"
+echo ${LGTM_INDEX_FILTERS:-}
+
+# If the user has specified any paths to include, we will scan those paths as-is.
+# If the user has only specified paths to exclude, or has not specified any paths at all,
+# we will scan the default paths, but apply the user-specified exclusions to them.
+newline=$'\n'
+if [ -n "${LGTM_INDEX_INCLUDE:-}" ] ; then
+    echo "'LGTM_INDEX_INCLUDE' set. Passing all path inclusions, exclusions, and filters through to the JavaScript extractor."
+elif [[ "${LGTM_INDEX_FILTERS}" =~ (^|$newline)include: ]]; then
+    echo "'LGTM_INDEX_FILTERS' contains at least one 'include:' filter. Passing all path inclusions, exclusions, and filters through to the JavaScript extractor."
 else
-    echo "No path filters set. Using the default filters."
-    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
+    echo "'LGTM_INDEX_FILTERS' contains no 'include:' filters. Using the default path filters, with any user-specified exclusions applied."
+    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}${newline}${LGTM_INDEX_FILTERS}"
    export LGTM_INDEX_FILTERS
 fi

+echo "Final 'LGTM_INDEX_FILTERS':"
+echo ${LGTM_INDEX_FILTERS}
+
 # Find the JavaScript extractor directory via `codeql resolve extractor`.
 CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
 export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT