From 1f14cffed38ec27c6eefad01180771603725c846 Mon Sep 17 00:00:00 2001
From: travisgosselin
Date: Wed, 7 Dec 2022 15:22:07 -0500
Subject: [PATCH 1/2] Move CodeQL latest version query behind CLI arg
---
 container/setup.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/container/setup.py b/container/setup.py
index c3a0843..b6eb426 100755
--- a/container/setup.py
+++ b/container/setup.py
@@ -43,10 +43,12 @@ def get_latest_codeql(args):
 codeql = CodeQL(CODEQL_HOME)
 current_installed_version = codeql.get_current_local_version()
 logger.info(f'Current codeql version: {current_installed_version}')
- latest_online_version = codeql.get_latest_codeql_github_version()
- if current_installed_version != latest_online_version.title and args.check_latest_cli:
- # we got a newer version online, download and install it
- codeql.download_and_install_latest_codeql(latest_online_version)
+ # ensure we only query for the latest codeql cli version if we might actually update it
+ if args.check_latest_cli:
+ latest_online_version = codeql.get_latest_codeql_github_version()
+ if current_installed_version != latest_online_version.title:
+ # we got a newer version online, download and install it
+ codeql.download_and_install_latest_codeql(latest_online_version)
 # get the latest queries regardless (TODO: Optimize by storing and checking the last commit hash?)
 if args.check_latest_queries:
 codeql.download_and_install_latest_codeql_queries()
From d7766e5c2e2fb94dff21aa4fc307ef91ab7e90e2 Mon Sep 17 00:00:00 2001
From: travisgosselin
Date: Wed, 7 Dec 2022 15:28:05 -0500
Subject: [PATCH 2/2] Add GitHub authentication for PyGithub with env var GITHUB_TOKEN
---
 container/libs/github.py | 10 ++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/container/libs/github.py b/container/libs/github.py
index 32547f9..d576216 100644
--- a/container/libs/github.py
+++ b/container/libs/github.py
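Review bot: The re-added `if current_installed_version != latest_online_version.title:` line installs whatever GitHub currently reports as "latest" whenever it merely differs from the local version, so a rolled-back, yanked or re-tagged "latest" release would be installed as a downgrade even though the comment on the next line says "newer"; either compare parsed versions (e.g. a tuple of ints) and skip when the online one is not greater, or reword the comment to `# installed version differs from the latest GitHub release; replace it`. Nothing in the hunk shows `download_and_install_latest_codeql` checking a checksum or signature of the downloaded archive, so the install is only as trustworthy as the TLS connection to GitHub — worth confirming in `CodeQL` before relying on this in CI. A failed lookup in `codeql.get_latest_codeql_github_version()` (for instance the 403 rate-limit response the second patch tries to avoid) propagates out of `get_latest_codeql` and aborts setup even though a working local CLI is already present; catching the PyGithub exception, logging a warning and falling back to the installed version would be more robust. The enclosing `get_latest_codeql` function begins before the hunk and its return value is not visible here.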
@@ -1,8 +1,14 @@
-from datetime import datetime, MINYEAR
+import os
+from datetime import datetime, MINYEAR
 from github import Github, GitRelease, Repository, GithubException
 def get_latest_github_repo_version(repo):
- client = Github()
+ # check for a github token that may be used alongside the codeql cli to upload github results
+ # this will limit rate limting 403 errors on checking codeql versions, as the request will be authenticated if possible.
+ # by default codeql uses env var "GITHUB_TOKEN" to authenticate
+ # https://codeql.github.com/docs/codeql-cli/manual/github-upload-results/
+ access_token = os.getenv('GITHUB_TOKEN')
+ client = Github(access_token) if access_token != None else Github()
 repo = client.get_repo(repo)
 releases = repo.get_releases()
 latest_release = get_latest_github_release(releases)
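Review bot: The `!= None` test on the new `client = Github(access_token) if access_token != None else Github()` line should be an identity check, and more usefully a truthiness check — `client = Github(access_token) if access_token else Github()` — so that a CI template exporting an empty `GITHUB_TOKEN=` does not turn into an authenticated request with a blank token (presumably a 401 where the unauthenticated path would have succeeded). Passing the token as PyGithub's positional `login_or_token` is the legacy form; recent PyGithub releases prefer `Github(auth=Auth.Token(access_token))`, so check which version the container pins before this becomes a deprecation failure. Because the token is only needed to lift the unauthenticated rate limit on reading public releases, a comment making that explicit and warning against logging it would help, e.g. `# token only raises the API rate limit for this read-only lookup; never log it`. The `rate limting` typo in the added comment could be fixed at the same time. `get_latest_github_repo_version` continues past the end of the hunk.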