@@ -15,7 +15,10 @@ import * as api from "./api-client";
1515// creation scripts. Ensure that any changes to the format of this file are compatible with both of
1616// these dependents.
1717import * as defaults from "./defaults.json" ;
18- import { CodeQLDefaultVersionInfo } from "./feature-flags" ;
18+ import {
19+ CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED ,
20+ CodeQLDefaultVersionInfo ,
21+ } from "./feature-flags" ;
1922import { Logger } from "./logging" ;
2023import * as util from "./util" ;
2124import { isGoodVersion , wrapError } from "./util" ;
@@ -610,20 +613,12 @@ export async function downloadCodeQL(
610613 ) ;
611614 }
612615
613- // Include both the CLI version and the bundle version in the toolcache version number. That way
614- // if the user requests the same URL again, we can get it from the cache without having to call
615- // any of the Releases API.
616- //
617- // Special case: If the CLI version is a pre-release or contains build metadata, then cache the
618- // bundle as `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable
619- // CLI release. In principle, it should be enough to just check that the CLI version isn't a
620- // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
621- // and we don't want these nightlies to override stable CLI versions in the toolcache.
622- const toolcacheVersion = maybeCliVersion ?. match ( / ^ [ 0 - 9 ] + \. [ 0 - 9 ] + \. [ 0 - 9 ] + $ / )
623- ? `${ maybeCliVersion } -${ bundleVersion } `
624- : convertToSemVer ( bundleVersion , logger ) ;
625-
626616 logger . debug ( "Caching CodeQL bundle." ) ;
617+ const toolcacheVersion = getCanonicalToolcacheVersion (
618+ maybeCliVersion ,
619+ bundleVersion ,
620+ logger ,
621+ ) ;
627622 const toolcachedBundlePath = await toolcache . cacheDir (
628623 extractedBundlePath ,
629624 "CodeQL" ,
@@ -656,6 +651,38 @@ export function getCodeQLURLVersion(url: string): string {
656651 return match [ 1 ] ;
657652}
658653
654+ /**
655+ * Returns the toolcache version number to use to store the bundle with the associated CLI version
656+ * and bundle version.
657+ *
658+ * This is the canonical version number, since toolcaches populated by different versions of the
659+ * CodeQL Action or different runner image creation scripts may store the bundle using a different
660+ * version number. Functions like `getCodeQLSource` that fetch the bundle from rather than save the
661+ * bundle to the toolcache should handle these different version numbers.
662+ */
663+ function getCanonicalToolcacheVersion (
664+ cliVersion : string | undefined ,
665+ bundleVersion : string ,
666+ logger : Logger ,
667+ ) {
668+ // If the CLI version is a pre-release or contains build metadata, then cache the
669+ // bundle as `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable
670+ // CLI release. In principle, it should be enough to just check that the CLI version isn't a
671+ // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
672+ // and we don't want these nightlies to override stable CLI versions in the toolcache.
673+ if ( ! cliVersion ?. match ( / ^ [ 0 - 9 ] + \. [ 0 - 9 ] + \. [ 0 - 9 ] + $ / ) ) {
674+ return convertToSemVer ( bundleVersion , logger ) ;
675+ }
676+ // If the bundle is semantically versioned, it can be looked up based on just the CLI version
677+ // number, so version it in the toolcache using just the CLI version number.
678+ if ( semver . gte ( cliVersion , CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED ) ) {
679+ return cliVersion ;
680+ }
681+ // Include both the CLI version and the bundle version in the toolcache version number. That way
682+ // we can find the bundle in the toolcache based on either the CLI version or the bundle version.
683+ return `${ cliVersion } -${ bundleVersion } ` ;
684+ }
685+
659686/**
660687 * Obtains the CodeQL bundle, installs it in the toolcache if appropriate, and extracts it.
661688 *
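Review bot: The toolcache key for newer bundles no longer records which bundle was cached: the `semver.gte` branch of `getCanonicalToolcacheVersion` returns the bare `cliVersion`, so two different bundles reporting the same stable CLI version would share one entry. That is safe only if CLI version and bundle are one-to-one from `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED` onward, which these hunks do not show, so the doc comment should state it, e.g. `// Assumes exactly one bundle per CLI version from this release on; confirm for bundles fetched from a custom URL.` The function also declares no return type; `): string {` would keep all three return paths checked against the contract `toolcache.cacheDir` relies on. `semver` is not among the imports touched in the first hunk, so it is presumably already imported elsewhere in the file.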