Hackathon: Create command to issue multi-queries

Need to add your PAT as a setting to codeQL.cli.personalAccessToken.
Make sure to create a new PAT for this and assign `repo` privileges so
that it can dispatch actions.

Author: aeisenberg

extensions/ql-vscode/package-lock.json

@@ -186,6 +186,10 @@
         "command": "codeQL.runQueries",
         "title": "CodeQL: Run Queries in Selected Files"
       },
+      {
+        "command": "codeQL.scheduleMultiQuery",
+        "title": "CodeQL: Schedule Multi-Query"
+      },
       {
         "command": "codeQL.quickEval",
         "title": "CodeQL: Quick Evaluation"
@@ -534,6 +538,10 @@
           "command": "codeQL.runQuery",
           "when": "resourceLangId == ql && resourceExtname == .ql"
         },
+        {
+          "command": "codeQL.scheduleMultiQuery",
+          "when": "resourceLangId == ql && resourceExtname == .ql"
+        },
         {
           "command": "codeQL.runQueries",
           "when": "false"
@@ -656,6 +664,10 @@
           "command": "codeQL.runQuery",
           "when": "editorLangId == ql && resourceExtname == .ql"
         },
+        {
+          "command": "codeQL.scheduleMultiQuery",
+          "when": "editorLangId == ql && resourceExtname == .ql"
+        },
         {
           "command": "codeQL.quickEval",
           "when": "editorLangId == ql"
@@ -694,7 +706,7 @@
       },
       {
         "view": "codeQLQueryHistory",
-        "contents": "Run the 'CodeQL: Run Query' command on a QL query.\n[Run Query](command:codeQL.runQuery)"
+        "contents": "Run the 'CodeQL: Run Query' command on a QL query.\n[Run Query](command:codeQL.runQuery)\n[Schedule Multi-Query](command:codeQL.scheduleMultiQuery)"
       },
       {
         "view": "codeQLDatabases",
@@ -730,6 +742,7 @@
     "tmp-promise": "~3.0.2",
     "tree-kill": "~1.2.2",
     "unzipper": "~0.10.5",
+    "uuid": "^8.3.2",
     "vscode-jsonrpc": "^5.0.1",
     "vscode-languageclient": "^6.1.3",
     "vscode-test-adapter-api": "~1.7.0",
@@ -761,6 +774,7 @@
     "@types/through2": "^2.0.36",
     "@types/tmp": "^0.1.0",
     "@types/unzipper": "~0.10.1",
+    "@types/uuid": "^8.3.0",
     "@types/vscode": "^1.43.0",
     "@types/webpack": "^4.32.1",
     "@types/xml2js": "~0.4.4",

extensions/ql-vscode/package.json

@@ -44,7 +44,7 @@ const ROOT_SETTING = new Setting('codeQL');
 const DISTRIBUTION_SETTING = new Setting('cli', ROOT_SETTING);
 const CUSTOM_CODEQL_PATH_SETTING = new Setting('executablePath', DISTRIBUTION_SETTING);
 const INCLUDE_PRERELEASE_SETTING = new Setting('includePrerelease', DISTRIBUTION_SETTING);
-const PERSONAL_ACCESS_TOKEN_SETTING = new Setting('personalAccessToken', DISTRIBUTION_SETTING);
+export const PERSONAL_ACCESS_TOKEN_SETTING = new Setting('personalAccessToken', DISTRIBUTION_SETTING);
 const QUERY_HISTORY_SETTING = new Setting('queryHistory', ROOT_SETTING);
 const QUERY_HISTORY_FORMAT_SETTING = new Setting('format', QUERY_HISTORY_SETTING);
 

extensions/ql-vscode/src/config.ts

@@ -59,6 +59,7 @@ import { QLTestAdapterFactory } from './test-adapter';
 import { TestUIService } from './test-ui';
 import { CompareInterfaceManager } from './compare/compare-interface';
 import { gatherQlFiles } from './pure/files';
+import runMultiQuery from './runMultiQuery';
 
 /**
  * extension.ts
@@ -592,6 +593,13 @@ async function activateWithInstalledDistribution(
     )
   );
 
+  ctx.subscriptions.push(
+    helpers.commandRunner('codeQL.scheduleMultiQuery', async (
+      uri: Uri | undefined
+    ) => {
+      runMultiQuery(uri || window.activeTextEditor?.document.uri);
+    })
+  );
   ctx.subscriptions.push(
     helpers.commandRunner('codeQL.restartQueryServer', async () => {
       await qs.restartQueryServer();

extensions/ql-vscode/src/extension.ts

@@ -0,0 +1,72 @@
+import { Uri, workspace } from 'vscode';
+import * as yaml from 'js-yaml';
+import * as fs from 'fs-extra';
+import * as path from 'path';
+import fetch from 'node-fetch';
+import { showAndLogErrorMessage, showAndLogInformationMessage } from './helpers';
+import { PERSONAL_ACCESS_TOKEN_SETTING } from './config';
+
+// const BASE_URL = 'https://api.github.com/repos/dsp-testing/multi-repo-queries/actions/workflows/run-multi-query.yml/dispatches';
+const API_URL = 'https://cbraynor-3be288ce6.service.bpdev-us-east-1.github.net/api/v3/repos/hackathon/run-queries/actions/workflows/run-multi-query.yml/dispatches';
+const VIEW_URL_BASE = 'https://cbraynor-3be288ce6.service.bpdev-us-east-1.github.net/hackathon/run-queries/';
+
+
+interface Config {
+  repositories: string[];
+  ref?: string;
+  language: string;
+}
+
+export default async function runMultiQuery(uri?: Uri) {
+  if (!uri || !uri.fsPath.endsWith('.ql')) {
+    return;
+  }
+
+  const token = PERSONAL_ACCESS_TOKEN_SETTING.getValue();
+  if (!token) {
+    showAndLogErrorMessage('Missing PAT for dispatching the actions run. Add a "codeQL.cli.personalAccessToken" user setting with your PAT in it.');
+    return;
+  }
+
+  const queryFile = uri.fsPath;
+  const query = await fs.readFile(queryFile, 'utf8');
+
+  const repositoriesFile = queryFile.substring(0, queryFile.length - '.ql'.length) + '.repositories';
+  if (!(await fs.pathExists(repositoriesFile))) {
+    showAndLogErrorMessage(`Missing file: '${repositoriesFile}' to specify the repositories to run against.`);
+    return;
+  }
+
+  const config = yaml.safeLoad(await fs.readFile(repositoriesFile, 'utf8')) as Config;
+
+  const ref = config.ref || 'main';
+  const language = config.language;
+  const repositories = JSON.stringify(config.repositories);
+  const queryRunGuid = `${path.basename(queryFile)}-${Date.now()}`;
+
+  const apiUrl = workspace.getConfiguration('codeQL.cli').get('multiQueryBaseUrl', API_URL);
+  const viewUrl = workspace.getConfiguration('codeQL.cli').get('multiQueryViewUrl', VIEW_URL_BASE);
+
+  const result = await fetch(apiUrl, {
+    method: 'POST',
+    headers: {
+      Accept: 'application/vnd.github.v3+json',
+      Authorization: `token ${token}`
+    },
+    body: JSON.stringify({
+      ref,
+      inputs: {
+        language,
+        repositories,
+        query,
+        'query_run_guid': queryRunGuid
+      }
+    })
+  });
+
+  if (result.ok) {
+    showAndLogInformationMessage(`Successfully scheduled runs. [Check it out here](${viewUrl}/security/code-scanning?query=tool%3A${queryRunGuid})`);
+  } else {
+    showAndLogErrorMessage(`Failed to schedule run: ${result.status} ${result.statusText}`);
+  }
+}