Merge pull request #2743 from github/update-v3.28.7-797fb30ed

Merge main into releases/v3

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.28.7 - 29 Jan 2025
+
+No user facing changes.
+
 ## 3.28.6 - 27 Jan 2025
 
 - Re-enable debug artifact upload for CLI versions 2.20.3 or greater. [#2726](https://github.com/github/codeql-action/pull/2726)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.28.6",
+  "version": "3.28.7",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

src/analyze-action.ts

@@ -202,6 +202,15 @@ async function run() {
   let didUploadTrapCaches = false;
   util.initializeEnvironment(actionsUtil.getActionVersion());
 
+  // Unset the CODEQL_PROXY_* environment variables, as they are not needed
+  // and can cause issues with the CodeQL CLI
+  // Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
+  if (process.env.CODEQL_PROXY_HOST === "") {
+    delete process.env.CODEQL_PROXY_HOST;
+    delete process.env.CODEQL_PROXY_PORT;
+    delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+  }
+
   // Make inputs accessible in the `post` step, details at
   // https://github.com/github/codeql-action/issues/2553
   actionsUtil.persistInputs();

src/start-proxy-action.ts

@@ -14,7 +14,6 @@ const UPDATEJOB_PROXY = "update-job-proxy";
 const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
 const UPDATEJOB_PROXY_URL_PREFIX =
   "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
-const PROXY_USER = "proxy_user";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 
@@ -100,19 +99,23 @@ async function runWrapper() {
     actionsUtil.getOptionalInput("registries_credentials"),
     actionsUtil.getOptionalInput("language"),
   );
+
+  if (credentials.length === 0) {
+    logger.info("No credentials found, skipping proxy setup.");
+    return;
+  }
+
   logger.info(
     `Credentials loaded for the following registries:\n ${credentials
       .map((c) => credentialToStr(c))
       .join("\n")}`,
   );
 
   const ca = generateCertificateAuthority();
-  const proxyAuth = getProxyAuth();
 
   const proxyConfig: ProxyConfig = {
     all_credentials: credentials,
     ca,
-    proxy_auth: proxyAuth,
   };
 
   // Start the Proxy
@@ -181,18 +184,6 @@ async function startProxy(
   }
 }
 
-// getProxyAuth returns the authentication information for the proxy itself.
-function getProxyAuth(): BasicAuthCredentials | undefined {
-  const proxy_password = actionsUtil.getOptionalInput("proxy_password");
-  if (proxy_password) {
-    return {
-      username: PROXY_USER,
-      password: proxy_password,
-    };
-  }
-  return;
-}
-
 async function getProxyBinaryPath(): Promise<string> {
   const proxyFileName =
     process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY;

start-proxy/action.yml

@@ -9,9 +9,6 @@ inputs:
   registries_credentials:
     description: Base64 encoded JSON configuration for the URLs and credentials of the package registries
     required: false
-  proxy_password:
-    required: false
-    description: The password of the proxy
   token:
     description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
     default: ${{ github.token }}