install-codeql.ps1
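<#
.SYNOPSIS
Installs the CodeQL CLI bundle that matches the github/codeql-action commit pinned in
.github/workflows/codeql.yml.

.DESCRIPTION
Reads the 40-hex commit SHA from the workflow's "uses: github/codeql-action/init@<sha>" line,
fetches src/defaults.json at that commit to learn the bundle version, then downloads
codeql-bundle-win64.tar.gz for that version and extracts it into InstallDir.
A .version file in InstallDir records the installed bundle version; when it matches and
codeql.exe is present, the script prints the version and exits without downloading.

.PARAMETER InstallDir
Directory that receives the extracted bundle. Everything in it except the downloaded
archive and the .version file is deleted before extraction, so it must be a directory
dedicated to CodeQL.
#>
param(
    [string]$InstallDir = (Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath "..") -ChildPath "codeql\\bin")
)

Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

# --- Resolve the bundle version from the pinned action commit ---------------------------
$workflowPath = Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath "..") -ChildPath ".github\\workflows\\codeql.yml"
if (-not (Test-Path -Path $workflowPath)) {
    throw "CodeQL workflow not found at '$workflowPath'."
}

$workflowContent = Get-Content -Path $workflowPath -Raw

# Only a full 40-hex commit SHA matches; a tag or branch reference stops the script here.
$shaMatch = [regex]::Match($workflowContent, 'uses:\s*github/codeql-action/init@([0-9a-f]{40})')
if (-not $shaMatch.Success) {
    throw "Unable to find a pinned github/codeql-action/init@<sha> entry in '$workflowPath'."
}

$actionSha = $shaMatch.Groups[1].Value

# Commit-addressed URL: the SHA taken from the workflow selects which defaults.json is read.
$defaultsUrl = "https://raw.githubusercontent.com/github/codeql-action/$actionSha/src/defaults.json"
Write-Host "Resolving CodeQL bundle from action SHA: $actionSha"
$defaults = Invoke-RestMethod -Uri $defaultsUrl
if (-not $defaults.bundleVersion) {
    throw "bundleVersion was not found in $defaultsUrl."
}

# bundleVersion is concatenated into the download URL below, so it is held to a strict
# shape first; anything other than codeql-bundle-vX.Y.Z is rejected.
$bundleVersion = [string]$defaults.bundleVersion
if ($bundleVersion -notmatch '^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$') {
    throw "Unexpected bundleVersion '$bundleVersion' in $defaultsUrl."
}

$bundleName = "codeql-bundle-win64.tar.gz"

# --- Prepare the install directory ------------------------------------------------------
# Create the installation directory if it doesn't exist
if (-not (Test-Path -Path $InstallDir)) {
    New-Item -ItemType Directory -Force -Path $InstallDir
}

# Make the path absolute. curl.exe and tar resolve relative paths against the working
# directory, which Push-Location changes below; a relative -InstallDir would otherwise
# point at a different location once the script has moved into the directory.
$InstallDir = (Resolve-Path -LiteralPath $InstallDir).ProviderPath

$codeql = Join-Path -Path $InstallDir -ChildPath "codeql.exe"
$versionFile = Join-Path -Path $InstallDir -ChildPath ".version"

# Skip the download when the recorded version matches and codeql.exe is present.
if ((Test-Path -Path $versionFile) -and ((Get-Content -Path $versionFile) -eq $bundleVersion) -and (Test-Path -Path $codeql)) {
    Write-Host "CodeQL is already installed."
    & $codeql --version
    exit 0
}

# --- Download and extract ---------------------------------------------------------------
$tarFile = Join-Path -Path $InstallDir -ChildPath $bundleName
$downloadUrl = "https://github.com/github/codeql-action/releases/download/" + $bundleVersion + '/' + $bundleName

Push-Location $InstallDir
try {
    # Download the bundle release that the pinned action commit selects.
    Write-Host "Downloading CodeQL CLI from $downloadUrl"
    Write-Host "Saving to $InstallDir"

    # --fail makes curl exit non-zero on an HTTP error instead of saving the error page as
    # the archive. Native executables report failure through $LASTEXITCODE, which
    # $ErrorActionPreference = "Stop" does not act on by default, so it is checked here
    # before the existing installation is removed.
    curl.exe --fail -L -o $tarFile $downloadUrl
    if ($LASTEXITCODE -ne 0) {
        throw "Download failed: curl.exe exited with code $LASTEXITCODE for $downloadUrl."
    }

    # NOTE(review): the archive is not compared against a known digest. The workflow SHA
    # pins defaults.json, but the bundle itself comes from a release asset and is trusted
    # on the strength of HTTPS alone. The digest is logged so a run can be audited; pin and
    # compare an expected SHA-256 here if the project records one.
    $archiveHash = (Get-FileHash -Path $tarFile -Algorithm SHA256).Hash
    Write-Host "SHA256 of ${bundleName}: $archiveHash"

    # Destructive step: removes every entry in InstallDir except the archive and .version.
    Write-Host "Preparing install directory $InstallDir"
    Get-ChildItem -Path $InstallDir -Force | Where-Object { $_.Name -notin @($bundleName, ".version") } | Remove-Item -Recurse -Force

    # Extract the downloaded archive, dropping the archive's top-level directory.
    Write-Host "Extracting $tarFile"
    tar -xf $tarFile --strip-components=1 -C $InstallDir
    if ($LASTEXITCODE -ne 0) {
        throw "Extraction failed: tar exited with code $LASTEXITCODE for '$tarFile'."
    }
    Write-Host "Extracted to $InstallDir"
}
finally {
    # Restore the caller's location even when the download or extraction throws.
    Pop-Location
}

if (-not (Test-Path -Path $codeql)) {
    throw "Installation failed: '$codeql' was not found after extraction."
}

# Write the installed bundle version only after successful extraction, so a failed run is
# retried on the next invocation instead of being treated as installed.
$bundleVersion | Out-File -FilePath $versionFile -Encoding ascii

# Verify installation by displaying the CodeQL version
& $codeql --version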