Skip to content

Commit

Permalink
Use GITHUB_WORKFLOW_REF
Browse files Browse the repository at this point in the history
Introduced with GHES 3.9:
https://docs.github.com/en/[email protected]/actions/learn-github-actions/variables

GITHUB_WORKFLOW_REF means that actions don't need to use `actions: read`
to determine the path to the running workflow.
  • Loading branch information
jsoref committed May 22, 2024
1 parent b1bd8da commit abe17b5
Show file tree
Hide file tree
Showing 5 changed files with 16 additions and 35 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

## [UNRELEASED]

No user facing changes.
- Users will no longer need to include `actions: read` permissions to use `upload-sarif` in private repositories.

## 3.25.6 - 20 May 2024

Expand Down
17 changes: 5 additions & 12 deletions lib/api-client.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/api-client.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions queries/default-setup-environment-variables.ql
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ predicate isSafeForDefaultSetup(string envVar) {
"GITHUB_ACTION_REF", "GITHUB_ACTION_REPOSITORY", "GITHUB_ACTOR", "GITHUB_API_URL",
"GITHUB_BASE_REF", "GITHUB_EVENT_NAME", "GITHUB_JOB", "GITHUB_RUN_ATTEMPT", "GITHUB_RUN_ID",
"GITHUB_SHA", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "GITHUB_TOKEN", "GITHUB_WORKFLOW",
"GITHUB_WORKSPACE", "GOFLAGS", "ImageVersion", "JAVA_TOOL_OPTIONS", "RUNNER_ARCH",
"RUNNER_ENVIRONMENT", "RUNNER_NAME", "RUNNER_OS", "RUNNER_TEMP", "RUNNER_TOOL_CACHE"
"GITHUB_WORKFLOW_REF", "GITHUB_WORKSPACE", "GOFLAGS", "ImageVersion", "JAVA_TOOL_OPTIONS",
"RUNNER_ARCH", "RUNNER_ENVIRONMENT", "RUNNER_NAME", "RUNNER_OS", "RUNNER_TEMP",
"RUNNER_TOOL_CACHE"
]
}

Expand Down
25 changes: 6 additions & 19 deletions src/api-client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -121,25 +121,12 @@ export async function getGitHubVersion(): Promise<GitHubVersion> {
* Get the path of the currently executing workflow relative to the repository root.
*/
export async function getWorkflowRelativePath(): Promise<string> {
const repo_nwo = getRequiredEnvParam("GITHUB_REPOSITORY").split("/");
const owner = repo_nwo[0];
const repo = repo_nwo[1];
const run_id = Number(getRequiredEnvParam("GITHUB_RUN_ID"));

const apiClient = getApiClient();
const runsResponse = await apiClient.request(
"GET /repos/:owner/:repo/actions/runs/:run_id?exclude_pull_requests=true",
{
owner,
repo,
run_id,
},
);
const workflowUrl = runsResponse.data.workflow_url;

const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);

return workflowResponse.data.path;
const workflow_ref = process.env["GITHUB_WORKFLOW_REF"];
const workflowRegExp = new RegExp("^[^/]+/[^/]+/(.*?)@.*");
const match = workflow_ref?.match(workflowRegExp);
return new Promise((resolve) => {
resolve(match ? match[1] : '');
});
}

/**
Expand Down

0 comments on commit abe17b5

Please sign in to comment.