Update scan action

2025-12-28 06:36:33 +01:00 · 2024-04-23 12:43:23 +02:00
parent f73571a752
commit a2ed07ec35
5 changed files with 27 additions and 22 deletions
--- a/.github/action/dist/index.js
+++ b/.github/action/dist/index.js
@@ -28606,7 +28606,7 @@ async function newCodeQL() {
    return {
        language: "yaml",
        path: await findCodeQL(),
-        pack: "githubsecuritylab/actions-queries",
+        pack: "githubsecuritylab/actions-all",
        suite: `codeql-suites/${core.getInput("suite") || "actions-code-scanning"}.qls`,
        source_root: core.getInput("source-root"),
        output: core.getInput("sarif"),
@@ -28706,6 +28706,15 @@ async function codeqlDatabaseAnalyze(codeql, database_path) {
        "--output",
        codeql_output,
    ];
+    const extPackPath = process.env["EXTPACK_PATH"];
+    const extPackName = process.env["EXTPACK_NAME"];
+    if (extPackPath !== undefined &&
+        extPackName !== undefined &&
+        extPackPath !== "" &&
+        extPackName !== "") {
+        cmd.push("--additional-packs", extPackPath);
+        cmd.push("--extension-packs", extPackName);
+    }
    // remote pack or local pack
    if (codeql.pack.startsWith("githubsecuritylab/")) {
        var suite = codeql.pack + ":" + codeql.suite;
--- a/.github/action/package-lock.json
+++ b/.github/action/package-lock.json
@@ -15,7 +15,7 @@
        "@actions/tool-cache": "^2.0.1"
      },
      "devDependencies": {
-        "@types/node": "^20.6.0",
+        "@types/node": "^20.12.7",
        "@vercel/ncc": "^0.38.0",
        "prettier": "^3.0.3",
        "typescript": "^5.2.2"
@@ -195,9 +195,9 @@
      }
    },
    "node_modules/@types/node": {
-      "version": "20.11.19",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz",
-      "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==",
+      "version": "20.12.7",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.7.tgz",
+      "integrity": "sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==",
      "dev": true,
      "dependencies": {
        "undici-types": "~5.26.4"
@@ -520,9 +520,9 @@
      }
    },
    "@types/node": {
-      "version": "20.11.19",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz",
-      "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==",
+      "version": "20.12.7",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.7.tgz",
+      "integrity": "sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==",
      "dev": true,
      "requires": {
        "undici-types": "~5.26.4"
--- a/.github/action/package.json
+++ b/.github/action/package.json
@@ -40,7 +40,7 @@
    "@actions/tool-cache": "^2.0.1"
  },
  "devDependencies": {
-    "@types/node": "^20.6.0",
+    "@types/node": "^20.12.7",
    "@vercel/ncc": "^0.38.0",
    "prettier": "^3.0.3",
    "typescript": "^5.2.2"
--- a/.github/action/src/codeql.ts
+++ b/.github/action/src/codeql.ts
@@ -149,7 +149,12 @@ export async function codeqlDatabaseAnalyze(

  const extPackPath = process.env["EXTPACK_PATH"];
  const extPackName = process.env["EXTPACK_NAME"];
-  if (extPackPath !== undefined && extPackName !== undefined) {
+  if (
+    extPackPath !== undefined &&
+    extPackName !== undefined &&
+    extPackPath !== "" &&
+    extPackName !== ""
+  ) {
    cmd.push("--additional-packs", extPackPath);
    cmd.push("--extension-packs", extPackName);
  }