@@ -8,7 +8,7 @@ import * as sinon from "sinon";
88
99import * as actionsUtil from "./actions-util" ;
1010import * as gitUtils from "./git-utils" ;
11- import { setupActionsVars , setupTests } from "./testing-utils" ;
11+ import { setupActionsVars , setupTests , SHA256_GITHUB_SHA } from "./testing-utils" ;
1212import { withTmpDir } from "./util" ;
1313
1414setupTests ( test ) ;
@@ -193,6 +193,94 @@ test.serial(
193193 } ,
194194) ;
195195
196+ test . serial (
197+ "getRef() returns merge PR ref if GITHUB_SHA still checked out (SHA-256)" ,
198+ async ( t ) => {
199+ await withTmpDir ( async ( tmpDir : string ) => {
200+ setupActionsVars ( tmpDir , tmpDir ) ;
201+ const expectedRef = "refs/pull/1/merge" ;
202+ const currentSha = "a" . repeat ( 64 ) ;
203+ process . env [ "GITHUB_REF" ] = expectedRef ;
204+ process . env [ "GITHUB_SHA" ] = currentSha ;
205+
206+ const callback = sinon . stub ( gitUtils , "getCommitOid" ) ;
207+ callback . withArgs ( "HEAD" ) . resolves ( currentSha ) ;
208+
209+ const actualRef = await gitUtils . getRef ( ) ;
210+ t . deepEqual ( actualRef , expectedRef ) ;
211+ callback . restore ( ) ;
212+ } ) ;
213+ } ,
214+ ) ;
215+
216+ test . serial (
217+ "getRef() returns merge PR ref if GITHUB_REF still checked out but sha has changed (actions checkout@v1) (SHA-256)" ,
218+ async ( t ) => {
219+ await withTmpDir ( async ( tmpDir : string ) => {
220+ setupActionsVars ( tmpDir , tmpDir ) ;
221+ const expectedRef = "refs/pull/1/merge" ;
222+ process . env [ "GITHUB_REF" ] = expectedRef ;
223+ process . env [ "GITHUB_SHA" ] = "b" . repeat ( 64 ) ;
224+ const sha = "a" . repeat ( 64 ) ;
225+
226+ const callback = sinon . stub ( gitUtils , "getCommitOid" ) ;
227+ callback . withArgs ( "refs/remotes/pull/1/merge" ) . resolves ( sha ) ;
228+ callback . withArgs ( "HEAD" ) . resolves ( sha ) ;
229+
230+ const actualRef = await gitUtils . getRef ( ) ;
231+ t . deepEqual ( actualRef , expectedRef ) ;
232+ callback . restore ( ) ;
233+ } ) ;
234+ } ,
235+ ) ;
236+
237+ test . serial (
238+ "getRef() returns head PR ref if GITHUB_REF no longer checked out (SHA-256)" ,
239+ async ( t ) => {
240+ await withTmpDir ( async ( tmpDir : string ) => {
241+ setupActionsVars ( tmpDir , tmpDir ) ;
242+ process . env [ "GITHUB_REF" ] = "refs/pull/1/merge" ;
243+ process . env [ "GITHUB_SHA" ] = "a" . repeat ( 64 ) ;
244+
245+ const callback = sinon . stub ( gitUtils , "getCommitOid" ) ;
246+ callback . withArgs ( tmpDir , "refs/pull/1/merge" ) . resolves ( "a" . repeat ( 64 ) ) ;
247+ callback . withArgs ( tmpDir , "HEAD" ) . resolves ( "b" . repeat ( 64 ) ) ;
248+
249+ const actualRef = await gitUtils . getRef ( ) ;
250+ t . deepEqual ( actualRef , "refs/pull/1/head" ) ;
251+ callback . restore ( ) ;
252+ } ) ;
253+ } ,
254+ ) ;
255+
256+ test . serial (
257+ "getRef() returns ref provided as an input and ignores current HEAD (SHA-256)" ,
258+ async ( t ) => {
259+ await withTmpDir ( async ( tmpDir : string ) => {
260+ setupActionsVars ( tmpDir , tmpDir ) ;
261+ const getAdditionalInputStub = sinon . stub (
262+ actionsUtil ,
263+ "getOptionalInput" ,
264+ ) ;
265+ getAdditionalInputStub . withArgs ( "ref" ) . resolves ( "refs/pull/2/merge" ) ;
266+ getAdditionalInputStub . withArgs ( "sha" ) . resolves ( "b" . repeat ( 64 ) ) ;
267+
268+ // These values are be ignored
269+ process . env [ "GITHUB_REF" ] = "refs/pull/1/merge" ;
270+ process . env [ "GITHUB_SHA" ] = "a" . repeat ( 64 ) ;
271+
272+ const callback = sinon . stub ( gitUtils , "getCommitOid" ) ;
273+ callback . withArgs ( "refs/pull/1/merge" ) . resolves ( "b" . repeat ( 64 ) ) ;
274+ callback . withArgs ( "HEAD" ) . resolves ( "b" . repeat ( 64 ) ) ;
275+
276+ const actualRef = await gitUtils . getRef ( ) ;
277+ t . deepEqual ( actualRef , "refs/pull/2/merge" ) ;
278+ callback . restore ( ) ;
279+ getAdditionalInputStub . restore ( ) ;
280+ } ) ;
281+ } ,
282+ ) ;
283+
196284test . serial ( "isAnalyzingDefaultBranch()" , async ( t ) => {
197285 process . env [ "GITHUB_EVENT_NAME" ] = "push" ;
198286 process . env [ "CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH" ] = "true" ;
@@ -305,6 +393,27 @@ test.serial("determineBaseBranchHeadCommitOid other error", async (t) => {
305393 infoStub . restore ( ) ;
306394} ) ;
307395
396+ test . serial (
397+ "determineBaseBranchHeadCommitOid returns baseOid for SHA-256 merge commit" ,
398+ async ( t ) => {
399+ const mergeSha = "a" . repeat ( 64 ) ;
400+ const baseOid = "b" . repeat ( 64 ) ;
401+ const headOid = "c" . repeat ( 64 ) ;
402+
403+ process . env [ "GITHUB_EVENT_NAME" ] = "pull_request" ;
404+ process . env [ "GITHUB_SHA" ] = mergeSha ;
405+
406+ sinon
407+ . stub ( gitUtils as any , "runGitCommand" )
408+ . resolves (
409+ `commit ${ mergeSha } ${ baseOid } ${ headOid } ,
410+ ) ;
411+
412+ const result = await gitUtils . determineBaseBranchHeadCommitOid ( __dirname ) ;
413+ t . deepEqual ( result , baseOid ) ;
414+ } ,
415+ ) ;
416+
308417test . serial ( "decodeGitFilePath unquoted strings" , async ( t ) => {
309418 t . deepEqual ( gitUtils . decodeGitFilePath ( "foo" ) , "foo" ) ;
310419 t . deepEqual ( gitUtils . decodeGitFilePath ( "foo bar" ) , "foo bar" ) ;
@@ -482,6 +591,61 @@ test.serial(
482591 } ,
483592) ;
484593
594+ test . serial (
595+ "getFileOidsUnderPath handles SHA-256 OIDs (64-char)" ,
596+ async ( t ) => {
597+ await withTmpDir ( async ( tmpDir ) => {
598+ sinon
599+ . stub ( gitUtils as any , "runGitCommand" )
600+ . callsFake ( async ( _cwd : any , args : any ) => {
601+ if ( args [ 0 ] === "rev-parse" ) {
602+ return `${ tmpDir } ;
603+ }
604+ return (
605+ "100644 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2c0d4b7e8f9a1234567890ab 0\tlib/git-utils.js\n" +
606+ "100644 aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899 0\tsrc/git-utils.ts"
607+ ) ;
608+ } ) ;
609+
610+ const result = await gitUtils . getFileOidsUnderPath ( "/fake/path" ) ;
611+
612+ t . deepEqual ( result , {
613+ "lib/git-utils.js" :
614+ "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2c0d4b7e8f9a1234567890ab" ,
615+ "src/git-utils.ts" :
616+ "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899" ,
617+ } ) ;
618+ } ) ;
619+ } ,
620+ ) ;
621+
622+ test . serial (
623+ "getFileOidsUnderPath handles mixed SHA-1 and SHA-256 OIDs" ,
624+ async ( t ) => {
625+ await withTmpDir ( async ( tmpDir ) => {
626+ sinon
627+ . stub ( gitUtils as any , "runGitCommand" )
628+ . callsFake ( async ( _cwd : any , args : any ) => {
629+ if ( args [ 0 ] === "rev-parse" ) {
630+ return `${ tmpDir } ;
631+ }
632+ return (
633+ "100644 30d998ded095371488be3a729eb61d86ed721a18 0\tlib/sha1-file.js\n" +
634+ "100644 aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899 0\tsrc/sha256-file.ts"
635+ ) ;
636+ } ) ;
637+
638+ const result = await gitUtils . getFileOidsUnderPath ( "/fake/path" ) ;
639+
640+ t . deepEqual ( result , {
641+ "lib/sha1-file.js" : "30d998ded095371488be3a729eb61d86ed721a18" ,
642+ "src/sha256-file.ts" :
643+ "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899" ,
644+ } ) ;
645+ } ) ;
646+ } ,
647+ ) ;
648+
485649test . serial (
486650 "getGitVersionOrThrow returns version for valid git output" ,
487651 async ( t ) => {
0 commit comments