feat: Small updates and add error contexts

Author: GeekMasher

Cargo.lock

@@ -21,6 +21,8 @@ thiserror = "2"
 dotenvy = "0.15"
 # Actions
 ghactions = { version = "^0.16", features = ["dotenvy", "log", "generate", "octocrab", "toolcache"] }
+ghactions-core = { version = "^0.16" }
+
 ghastoolkit = { version = "^0.8", features = ["toolcache"] }
 
 # GitHub API

Cargo.toml

@@ -15,6 +15,8 @@ inputs:
   language:
     description: Language(s) to use
     required: true
+  packs:
+    description: Query Packs to use
   codeql_version:
     description: CodeQL Version
     default: latest

action.yml

@@ -1,8 +1,8 @@
 #![allow(dead_code)]
-use anyhow::Result;
+use anyhow::{Context, Result};
 use ghactions::prelude::*;
 use ghactions_core::repository::reference::RepositoryReference as Repository;
-use ghastoolkit::codeql::CodeQLLanguage;
+use ghastoolkit::{CodeQL, codeql::CodeQLLanguage};
 
 /// This action is for 3rd party CodeQL extractors to be used in GitHub Actions
 #[derive(Actions, Debug, Clone, Default)]
@@ -36,6 +36,10 @@ pub struct Action {
     #[input(description = "Language(s) to use", split = ",", required = true)]
     language: Vec<String>,
 
+    /// Queries packs to use
+    #[input(description = "Query Packs to use", split = ",")]
+    packs: Vec<String>,
+
     /// CodeQL Version
     #[input(description = "CodeQL Version", default = "latest")]
     codeql_version: String,
@@ -101,9 +105,26 @@ impl Action {
     }
 
     pub fn codeql_version(&self) -> &str {
+        if self.codeql_version.is_empty() {
+            log::debug!("No CodeQL version provided, using the latest version");
+            return "latest";
+        }
         &self.codeql_version
     }
 
+    pub async fn install_packs(&self, codeql: &CodeQL) -> Result<()> {
+        log::info!("Installing CodeQL Packs");
+        for pack in &self.packs {
+            log::info!("Installing pack `{}`", pack);
+
+            codeql
+                .run(vec!["pack", "download", pack])
+                .await
+                .context(format!("Failed to download pack `{}`", pack))?;
+        }
+        Ok(())
+    }
+
     pub fn attestation(&self) -> bool {
         self.attestation
     }

src/action.rs

@@ -16,29 +16,36 @@ async fn main() -> Result<()> {
     let action = Action::init()?;
     debug!("Action :: {:?}", action);
 
-    group!("Setting up Extractor");
-
     let client = action.octocrab()?;
 
+    group!("Setting up CodeQL");
+
     let mut codeql = CodeQL::init()
         .build()
         .await
         .context("Failed to create CodeQL instance")?;
 
     if !codeql.is_installed().await {
         let codeql_version = action.codeql_version();
-        log::info!("CodeQL not installed, installing {}...", codeql_version);
-        codeql.install(&client, codeql_version).await?;
+        log::info!("CodeQL not installed, installing `{}`...", codeql_version);
+        codeql
+            .install(&client, codeql_version)
+            .await
+            .context("Failed to install CodeQL")?;
         log::info!("CodeQL installed");
     } else {
         log::info!("CodeQL already installed");
     }
+    // Packs installation
+    action.install_packs(&codeql).await?;
 
-    log::info!("CodeQL :: {:?}", codeql);
+    groupend!();
+    group!("Setting up Extractor");
 
     // Extractor
-    let extractor_repo = action.extractor_repository()?;
-    info!("Extractor Repository :: {}", extractor_repo);
+    let extractor_repo = action
+        .extractor_repository()
+        .context("Failed to get extractor repository")?;
 
     let extractor_path = PathBuf::from("./extractors");
     if !extractor_path.exists() {
@@ -57,9 +64,12 @@ async fn main() -> Result<()> {
     .context("Failed to fetch extractor")?;
     log::info!("Extractor :: {:?}", extractor);
 
-    codeql.append_search_path(extractor.display().to_string());
+    codeql.append_search_path(extractor);
 
-    let languages = codeql.get_languages().await?;
+    let languages = codeql
+        .get_languages()
+        .await
+        .context("Failed to get languages")?;
     log::info!("Languages :: {:#?}", languages);
 
     if !action.languages().is_empty() {
@@ -73,12 +83,14 @@ async fn main() -> Result<()> {
         log::info!("No languages provided, using all available languages");
     }
 
+    log::info!("CodeQL :: {:?}", codeql);
+
     groupend!();
 
     let databases = PathBuf::from("./.codeql");
     let sarif_output = databases.join("results");
 
-    std::fs::create_dir_all(&sarif_output)?;
+    std::fs::create_dir_all(&sarif_output).context("Failed to create results directory")?;
 
     for language in action.languages() {
         let group = format!("Running {} extractor", language.language());
@@ -94,29 +106,45 @@ async fn main() -> Result<()> {
             .source(".".to_string())
             .path(database_path.display().to_string())
             .language(language.language())
-            .build()?;
+            .build()
+            .context("Failed to create database")?;
 
         log::info!("Creating database...");
-        codeql.database(&database).overwrite().create().await?;
+        codeql
+            .database(&database)
+            .overwrite()
+            .create()
+            .await
+            .context("Failed to create database")?;
         log::info!("Created database :: {:?}", database);
 
+        // TODO: Queries
         let queries = CodeQLQueries::from(format!(
             "{}/{}-queries",
             extractor_repo.owner.clone(),
             language.language()
         ));
-        log::debug!("Queries :: {:?}", queries);
+        log::info!("Queries :: {:?}", queries);
 
         log::info!("Running analysis...");
-        if let Err(err) = codeql
+        match codeql
             .database(&database)
             .queries(queries)
             .output(sarif_path)
             .analyze()
             .await
         {
-            log::error!("Failed to analyze database: {:?}", err);
+            Ok(_) => {
+                log::info!("Analysis complete");
+            }
+            Err(ghastoolkit::GHASError::SerdeError(e)) => {
+                log::warn!("Failed to parse SARIF: {:?}", e);
+            }
+            Err(e) => {
+                log::error!("Failed to analyze database: {:?}", e);
+            }
         }
+
         log::info!("Analysis complete :: {:?}", database);
         groupend!();
     }