Send per-query alert count event reports under QA telemetry flag

Author: angelapwen

lib/actions-util.js.map

@@ -315,6 +315,25 @@ export type ActionStatus =
   | "failure"
   | "user-error";
 
+// Any status report may include an array of EventReports associated with it.
+export interface EventReport {
+  /** An enumerable description of the event. */
+  event: string;
+  /** Time this event started. */
+  started_at: string;
+  /** Time this event ended. */
+  completed_at: string;
+  /** eg: `success`, `failure`, `timeout`, etc. */
+  exit_status?: string;
+  /** If the event is language-specific. */
+  language?: string;
+  /**
+   * A generic JSON blob of data related to this event.
+   * Use Object.assign() to append additional fields to the object.
+   */
+  properties?: object;
+}
+
 export interface StatusReportBase {
   /**
    * UUID representing the job run that this status report belongs to. We

lib/analyze.js

@@ -2,18 +2,20 @@ import * as fs from "fs";
 import * as path from "path";
 import { performance } from "perf_hooks";
 
+import * as core from "@actions/core";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 import del from "del";
 import * as yaml from "js-yaml";
 
-import { DatabaseCreationTimings } from "./actions-util";
+import { DatabaseCreationTimings, EventReport } from "./actions-util";
 import * as analysisPaths from "./analysis-paths";
 import { CodeQL, getCodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
 import { FeatureEnablement, Feature } from "./feature-flags";
 import { isScannedLanguage, Language } from "./languages";
 import { Logger } from "./logging";
 import { endTracingForCluster } from "./tracer-config";
+import { validateSarifFileSchema } from "./upload-lib";
 import * as util from "./util";
 
 export class CodeQLAnalysisError extends Error {
@@ -78,6 +80,8 @@ export interface QueriesStatusReport {
   interpret_results_swift_duration_ms?: number;
   /** Name of language that errored during analysis (or undefined if no language failed). */
   analyze_failure_language?: string;
+  /** Reports on discrete events associated with this status report. */
+  event_reports?: EventReport[];
 }
 
 async function setupPythonExtractor(
@@ -242,6 +246,9 @@ export async function runQueries(
     const packsWithVersion = config.packs[language] || [];
 
     try {
+      const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+      let startTimeInterpretResults: number;
+      let endTimeInterpretResults: number;
       if (await util.useCodeScanningConfigInCli(codeql, features)) {
         // If we are using the code scanning config in the CLI,
         // much of the work needed to generate the query suites
@@ -257,16 +264,16 @@ export async function runQueries(
           new Date().getTime() - startTimeBuiltIn;
 
         logger.startGroup(`Interpreting results for ${language}`);
-        const startTimeInterpretResults = new Date().getTime();
-        const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+        startTimeInterpretResults = new Date().getTime();
         const analysisSummary = await runInterpretResults(
           language,
           undefined,
           sarifFile,
           config.debugMode
         );
+        endTimeInterpretResults = new Date().getTime();
         statusReport[`interpret_results_${language}_duration_ms`] =
-          new Date().getTime() - startTimeInterpretResults;
+          endTimeInterpretResults - startTimeInterpretResults;
         logger.endGroup();
         logger.info(analysisSummary);
       } else {
@@ -342,19 +349,43 @@ export async function runQueries(
         }
         logger.endGroup();
         logger.startGroup(`Interpreting results for ${language}`);
-        const startTimeInterpretResults = new Date().getTime();
-        const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+        startTimeInterpretResults = new Date().getTime();
         const analysisSummary = await runInterpretResults(
           language,
           querySuitePaths,
           sarifFile,
           config.debugMode
         );
+        endTimeInterpretResults = new Date().getTime();
         statusReport[`interpret_results_${language}_duration_ms`] =
-          new Date().getTime() - startTimeInterpretResults;
+          endTimeInterpretResults - startTimeInterpretResults;
         logger.endGroup();
         logger.info(analysisSummary);
       }
+      if (await features.getValue(Feature.QaTelemetryEnabled)) {
+        const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+
+        const perQueryAlertCountEventReport: EventReport = {
+          event: "codeql database interpret-results",
+          started_at: startTimeInterpretResults.toString(),
+          completed_at: endTimeInterpretResults.toString(),
+          exit_status: "success",
+          language,
+          properties: perQueryAlertCounts,
+        };
+
+        core.info(
+          `New event report:\n\n${JSON.stringify(
+            perQueryAlertCountEventReport
+          )}`
+        );
+
+        if (statusReport["event_reports"] === undefined) {
+          statusReport["event_reports"] = [];
+        }
+        statusReport["event_reports"].push(perQueryAlertCountEventReport);
+      }
+
       await runPrintLinesOfCode(language);
     } catch (e) {
       logger.info(String(e));
@@ -392,6 +423,38 @@ export async function runQueries(
     );
   }
 
+  /** Get an object with all queries and their counts parsed from a SARIF file path. */
+  function getPerQueryAlertCounts(
+    sarifPath: string,
+    log: Logger
+  ): Record<string, number> {
+    validateSarifFileSchema(sarifPath, log);
+    const sarifObject = JSON.parse(
+      fs.readFileSync(sarifPath, "utf8")
+    ) as util.SarifFile;
+    // We do not need to compute fingerprints because we are not sending data based off of locations.
+
+    // Generate the query: alert count object
+    const perQueryAlertCounts: Record<string, number> = {};
+
+    // All rules (queries), from all results, from all runs
+    for (const sarifRun of sarifObject.runs) {
+      if (sarifRun.results) {
+        for (const result of sarifRun.results) {
+          if (result.ruleId) {
+            if (result.ruleId in perQueryAlertCounts) {
+              perQueryAlertCounts[result.ruleId] =
+                perQueryAlertCounts[result.ruleId] + 1;
+            } else {
+              perQueryAlertCounts[result.ruleId] = 1;
+            }
+          }
+        }
+      }
+    }
+    return perQueryAlertCounts;
+  }
+
   async function runPrintLinesOfCode(language: Language): Promise<string> {
     const databasePath = util.getCodeQLDatabasePath(config, language);
     return await codeql.databasePrintBaseline(databasePath);

lib/analyze.js.map

@@ -1,6 +1,7 @@
 import * as fs from "fs";
 import * as path from "path";
 
+import * as core from "@actions/core";
 import * as semver from "semver";
 
 import { getApiClient } from "./api-client";
@@ -43,6 +44,7 @@ export enum Feature {
   ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
   ExportDiagnosticsEnabled = "export_diagnostics_enabled",
   MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
+  QaTelemetryEnabled = "qa_telemetry_enabled",
   UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
 }
 
@@ -76,6 +78,11 @@ export const featureConfig: Record<
     minimumVersion: "2.7.5",
     defaultValue: false,
   },
+  [Feature.QaTelemetryEnabled]: {
+    envVar: "CODEQL_ACTION_QA_TELEMETRY",
+    minimumVersion: undefined,
+    defaultValue: false,
+  },
   [Feature.UploadFailedSarifEnabled]: {
     envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
     minimumVersion: "2.11.3",