infrastructure/actions
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit of actions

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2026-01-31 18:56:04 +01:00
commit 949ece5785
44660 changed files with 12034344 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

217
github/codeql-action-v1/python-setup/auto_install_packages.py Executable file
View file

@ -0,0 +1,217 @@
#!/usr/bin/env python3
import sys
import os
import subprocess
from tempfile import mkdtemp
from typing import Optional
import shutil
import extractor_version
def _check_call(command, extra_env={}):
print('+ {}'.format(' '.join(command)), flush=True)
env = os.environ.copy()
env.update(extra_env)
subprocess.check_call(command, stdin=subprocess.DEVNULL, env=env)
sys.stdout.flush()
sys.stderr.flush()
def _check_output(command, extra_env={}):
print('+ {}'.format(' '.join(command)), flush=True)
env = os.environ.copy()
env.update(extra_env)
out = subprocess.check_output(command, stdin=subprocess.DEVNULL, env=env)
print(out, flush=True)
sys.stderr.flush()
return out
def install_packages_with_poetry():
extra_poetry_env = {
# To handle poetry 1.2, which started to use keyring interaction MUCH more, we need
# add a workaround. See
# https://github.com/python-poetry/poetry/issues/2692#issuecomment-1235683370
"PYTHON_KEYRING_BACKEND": "keyring.backends.null.Keyring",
# Projects that specify `virtualenvs.in-project = true` in their poetry.toml
# would get the venv created inside the repo directory, which would cause CodeQL
# to consider it as user-written code. We don't want this to happen. see
# https://python-poetry.org/docs/configuration/#virtualenvsin-project
"POETRY_VIRTUALENVS_IN_PROJECT": "False",
}
command = [sys.executable, '-m', 'poetry']
if sys.platform.startswith('win32'):
# In windows the default path were the deps are installed gets wiped out between steps,
# so we have to set it up to a folder that will be kept
os.environ['POETRY_VIRTUALENVS_PATH'] = os.path.join(os.environ['RUNNER_WORKSPACE'], 'virtualenvs')
try:
_check_call(command + ['install', '--no-root'], extra_env=extra_poetry_env)
except subprocess.CalledProcessError:
sys.exit('package installation with poetry failed, see error above')
# poetry is super annoying with `poetry run`, since it will put lots of output on
# STDOUT if the current global python interpreter is not matching the one in the
# virtualenv for the package, which was the case for using poetry for Python 2 when
# default system interpreter was Python 3 :/
poetry_out = _check_output(command + ['run', 'which', 'python'], extra_env=extra_poetry_env)
python_executable_path = poetry_out.decode('utf-8').splitlines()[-1]
if sys.platform.startswith('win32'):
# Poetry produces a path that starts by /d instead of D:\ and Windows doesn't like that way of specifying the drive letter.
# We completely remove it because it is not needed as everything is in the same drive (We are installing the dependencies in the RUNNER_WORKSPACE)
python_executable_path = python_executable_path[2:]
return python_executable_path
def install_packages_with_pipenv(has_lockfile):
command = [sys.executable, '-m', 'pipenv']
if sys.platform.startswith('win32'):
# In windows the default path were the deps are installed gets wiped out between steps,
# so we have to set it up to a folder that will be kept
os.environ['WORKON_HOME'] = os.path.join(os.environ['RUNNER_WORKSPACE'], 'virtualenvs')
lock_args = ['--keep-outdated', '--ignore-pipfile'] if has_lockfile else ['--skip-lock']
try:
_check_call(command + ['install'] + lock_args)
except subprocess.CalledProcessError:
sys.exit('package installation with pipenv failed, see error above')
pipenv_out = _check_output(command + ['run', 'which', 'python'])
python_executable_path = pipenv_out.decode('utf-8').splitlines()[-1]
if sys.platform.startswith('win32'):
# Pipenv produces a path that starts by /d instead of D:\ and Windows doesn't like that way of specifying the drive letter.
# We completely remove it because it is not needed as everything is in the same drive (We are installing the dependencies in the RUNNER_WORKSPACE)
python_executable_path = python_executable_path[2:]
return python_executable_path
def _create_venv(version: int):
# create temporary directory ... that just lives "forever"
venv_path = os.path.join(os.environ['RUNNER_WORKSPACE'], 'codeql-action-python-autoinstall')
print ("Creating venv in " + venv_path, flush = True)
# virtualenv is a bit nicer for setting up virtual environment, since it will provide
# up-to-date versions of pip/setuptools/wheel which basic `python3 -m venv venv` won't
if sys.platform.startswith('win32'):
if version == 2:
_check_call(['py', '-2', '-m', 'virtualenv', venv_path])
elif version == 3:
_check_call(['py', '-3', '-m', 'virtualenv', venv_path])
else:
if version == 2:
_check_call(['python2', '-m', 'virtualenv', venv_path])
elif version == 3:
_check_call(['python3', '-m', 'virtualenv', venv_path])
return venv_path
def install_requirements_txt_packages(version: int):
venv_path = _create_venv(version)
venv_pip = os.path.join(venv_path, 'bin', 'pip')
venv_python = os.path.join(venv_path, 'bin', 'python')
if sys.platform.startswith('win32'):
venv_pip = os.path.join(venv_path, 'Scripts', 'pip')
venv_python = os.path.join(venv_path, 'Scripts', 'python')
try:
_check_call([venv_pip, 'install', '-r', 'requirements.txt'])
except subprocess.CalledProcessError:
sys.exit('package installation with `pip install -r requirements.txt` failed, see error above')
return venv_python
def install_with_setup_py(version: int):
venv_path = _create_venv(version)
venv_pip = os.path.join(venv_path, 'bin', 'pip')
venv_python = os.path.join(venv_path, 'bin', 'python')
if sys.platform.startswith('win32'):
venv_pip = os.path.join(venv_path, 'Scripts', 'pip')
venv_python = os.path.join(venv_path, 'Scripts', 'python')
try:
# We have to choose between `python setup.py develop` and `pip install -e .`.
# Modern projects use `pip install -e .` and I wasn't able to see any downsides
# to doing so. However, `python setup.py develop` has some downsides -- from
# https://stackoverflow.com/a/19048754 :
# > Note that it is highly recommended to use pip install . (install) and pip
# > install -e . (developer install) to install packages, as invoking setup.py
# > directly will do the wrong things for many dependencies, such as pull
# > prereleases and incompatible package versions, or make the package hard to
# > uninstall with pip.
_check_call([venv_pip, 'install', '-e', '.'])
except subprocess.CalledProcessError:
sys.exit('package installation with `pip install -e .` failed, see error above')
return venv_python
def install_packages(codeql_base_dir) -> Optional[str]:
if os.path.exists('poetry.lock'):
print('Found poetry.lock, will install packages with poetry', flush=True)
return install_packages_with_poetry()
if os.path.exists('Pipfile') or os.path.exists('Pipfile.lock'):
if os.path.exists('Pipfile.lock'):
print('Found Pipfile.lock, will install packages with Pipenv', flush=True)
return install_packages_with_pipenv(has_lockfile=True)
else:
print('Found Pipfile, will install packages with Pipenv', flush=True)
return install_packages_with_pipenv(has_lockfile=False)
# get_extractor_version returns the Python version the extractor thinks this repo is using
version = extractor_version.get_extractor_version(codeql_base_dir, quiet=False)
sys.stdout.flush()
sys.stderr.flush()
if version == 2 and not sys.platform.startswith('win32'):
# On Ubuntu 22.04 'python2' is not available by default. We want to give a slightly better
# error message than a traceback + `No such file or directory: 'python2'`
if shutil.which("python2") is None:
sys.exit(
"Python package installation failed: we detected this code as Python 2, but the 'python2' executable was not available. "
"To enable automatic package installation, please install 'python2' before the 'github/codeql-action/init' step, "
"for example by running 'sudo apt install python2' (Ubuntu 22.04). "
"If your code is not Python 2, but actually Python 3, please file a bug report at https://github.com/github/codeql-action/issues/new"
)
if os.path.exists('requirements.txt'):
print('Found requirements.txt, will install packages with pip', flush=True)
return install_requirements_txt_packages(version)
if os.path.exists('setup.py'):
print('Found setup.py, will install package with pip in editable mode', flush=True)
return install_with_setup_py(version)
print("was not able to install packages automatically", flush=True)
return None
if __name__ == "__main__":
if len(sys.argv) != 2:
sys.exit('Must provide base directory for codeql tool as only argument')
codeql_base_dir = sys.argv[1]
python_executable_path = install_packages(codeql_base_dir)
if python_executable_path is not None:
# see https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
env_file = open(os.environ["GITHUB_ENV"], mode="at")
print("Setting CODEQL_PYTHON={}".format(python_executable_path))
print("CODEQL_PYTHON={}".format(python_executable_path), file=env_file)

52
github/codeql-action-v1/python-setup/extractor_version.py Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/env python
# A quick hack to get package installation for Code Scanning to work,
# since it needs to know which version we're going to analyze the project as.
# This file needs to be placed next to `python_tracer.py`, so in
# `<codeql-path>/python/tools/`
from __future__ import print_function, division
import os
import sys
from contextlib import contextmanager
@contextmanager
def suppress_stdout_stderr():
# taken from
# https://thesmithfam.org/blog/2012/10/25/temporarily-suppress-console-output-in-python/
with open(os.devnull, "w") as devnull:
old_stdout = sys.stdout
old_stderr = sys.stderr
sys.stdout = devnull
sys.stderr = devnull
try:
yield
finally:
sys.stdout = old_stdout
sys.stderr = old_stderr
def get_extractor_version(codeql_base_dir: str, quiet: bool = True) -> int:
extractor_dir = os.path.join(codeql_base_dir, 'python', 'tools')
sys.path = [extractor_dir] + sys.path
from python_tracer import getzipfilename
zippath = os.path.join(extractor_dir, getzipfilename())
sys.path = [zippath] + sys.path
import buildtools.discover
if quiet:
with suppress_stdout_stderr():
return buildtools.discover.get_version()
else:
return buildtools.discover.get_version()
if __name__ == "__main__":
codeql_base_dir = sys.argv[1]
version = get_extractor_version(codeql_base_dir)
print('{!r}'.format(version))

34
github/codeql-action-v1/python-setup/find_site_packages.py Normal file
View file

@ -0,0 +1,34 @@
"""
Print the path to the site-packages directory for the current Python environment.
"""
from __future__ import print_function
try:
import pip
import os
print(os.path.dirname(os.path.dirname(pip.__file__)))
except ImportError:
import sys
print("DEBUG: could not import pip", file=sys.stderr)
# if you use poetry with `virtualenvs.options.no-pip = true` you might end up with a
# virtualenv without pip, so the above trick doesn't actually work. See
# https://python-poetry.org/docs/configuration/#virtualenvsoptionsno-pip
#
# A possible option is to install `pip` into the virtualenv created by poetry
# (`poetry add pip`), but it turns out that doesn't always work :( for the test
# poetry/requests-3, I was not allowed to install pip! So I did not pursue this
# option further.
#
# Instead, testing `site.getsitepackages()` contains has the right path, whereas
# `site.getusersitepackages()` is about the system python (very confusing).
#
# We can't use the environment variable POETRY_VIRTUALENVS_OPTIONS_NO_PIP because it
# does not work, see https://github.com/python-poetry/poetry/issues/5906
import site
if sys.platform.startswith("win32"):
# On windows, the last entry of `site.getsitepackages()` has the right path
print(site.getsitepackages()[-1])
else:
# on unix, the first entry of `site.getsitepackages()` has the right path
print(site.getsitepackages()[0])

12
github/codeql-action-v1/python-setup/install_tools.ps1 Normal file
View file

@ -0,0 +1,12 @@
#! /usr/bin/pwsh
py -2 -m pip install --user --upgrade pip setuptools wheel
py -3 -m pip install --user --upgrade pip setuptools wheel
# virtualenv is a bit nicer for setting up virtual environment, since it will provide up-to-date versions of
# pip/setuptools/wheel which basic `python3 -m venv venv` won't
py -2 -m pip install --user 'virtualenv!=20.12.0'
py -3 -m pip install --user virtualenv
py -3 -m pip install --user "poetry>=1.1"
py -3 -m pip install --user pipenv

50
github/codeql-action-v1/python-setup/install_tools.sh Executable file
View file

@ -0,0 +1,50 @@
#!/bin/sh
set -x
set -e
# The binaries for packages installed with `pip install --user` are not available on PATH
# by default, so we fix up PATH to suppress warnings by pip. This also needs to be done by
# any script that needs to access poetry/pipenv.
#
# Using `::add-path::` from the actions toolkit is not enough, since that only affects
# subsequent actions in the current job, and not the current action.
export PATH="$HOME/.local/bin:$PATH"
# Setup Python 3 dependency installation tools.
python3 -m pip install --user --upgrade pip setuptools wheel
# virtualenv is a bit nicer for setting up virtual environment, since it will provide
# up-to-date versions of pip/setuptools/wheel which basic `python3 -m venv venv` won't.
#
# version 20.16.5 (Python 3 only) had some problems when used together with newer
# versions of setuptools (60+) and would not always put binaries under `<venv-path>/bin`
# -- see https://github.com/github/codeql-action/issues/1249 for more details.
python3 -m pip install --user --upgrade 'virtualenv>20.16.5'
# We install poetry with pip instead of the recommended way, since the recommended way
# caused some problem since `poetry run` gives output like:
#
# /root/.poetry/lib/poetry/_vendor/py2.7/subprocess32.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
# "program uses threads.", RuntimeWarning)
# LGTM_PYTHON_SETUP_VERSION=The currently activated Python version 2.7.18 is not supported by the project (^3.5). Trying to find and use a compatible version. Using python3 (3.8.2) 3
python3 -m pip install --user "poetry>=1.1"
python3 -m pip install --user pipenv
if command -v python2 >/dev/null 2>&1; then
# Setup Python 2 dependency installation tools. The Ubuntu 20.04 GHA environment
# does not come with a Python 2 pip, but if it is already installed, don't try to
# install it again (since that causes problems).
#
# This might seem like a hypothetical situation, but it happens all the time in our
# internal testing where we run the action twice in a row.
if ! python2 -m pip --version; then
echo "Will install pip for python2"
curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2
fi
python2 -m pip install --user --upgrade pip setuptools wheel
python2 -m pip install --user 'virtualenv!=20.12.0'
fi

28
github/codeql-action-v1/python-setup/tests/check_requests_2_26_0.ps1 Normal file
View file

@ -0,0 +1,28 @@
#! /usr/bin/pwsh
$EXPECTED_VERSION=$args[0]
$FOUND_VERSION="$Env:LGTM_PYTHON_SETUP_VERSION"
$FOUND_PYTHONPATH="$Env:LGTM_INDEX_IMPORT_PATH"
write-host "FOUND_VERSION=$FOUND_VERSION FOUND_PYTHONPATH=$FOUND_PYTHONPATH "
if ($FOUND_VERSION -ne $EXPECTED_VERSION) {
write-host "Script told us to use Python $FOUND_VERSION, but expected $EXPECTED_VERSION"
exit 1
} else {
write-host "Script told us to use Python $FOUND_VERSION, which was expected"
}
$env:PYTHONPATH=$FOUND_PYTHONPATH
$INSTALLED_REQUESTS_VERSION = (py -3 -c "import requests; print(requests.__version__)")
$EXPECTED_REQUESTS="2.26.0"
if ($INSTALLED_REQUESTS_VERSION -ne $EXPECTED_REQUESTS) {
write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS"
exit 1
} else {
write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
}

32
github/codeql-action-v1/python-setup/tests/check_requests_2_26_0.sh Executable file
View file

@ -0,0 +1,32 @@
#!/bin/bash
set -e
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
EXPECTED_VERSION=$1
FOUND_VERSION="$LGTM_PYTHON_SETUP_VERSION"
FOUND_PYTHONPATH="$LGTM_INDEX_IMPORT_PATH"
echo "FOUND_VERSION=${FOUND_VERSION} FOUND_PYTHONPATH=${FOUND_PYTHONPATH} "
if [[ $FOUND_VERSION != $EXPECTED_VERSION ]]; then
echo "Script told us to use Python ${FOUND_VERSION}, but expected ${EXPECTED_VERSION}"
exit 1
else
echo "Script told us to use Python ${FOUND_VERSION}, which was expected"
fi
PYTHON_EXE="python${EXPECTED_VERSION}"
INSTALLED_REQUESTS_VERSION=$(PYTHONPATH="${FOUND_PYTHONPATH}" "${PYTHON_EXE}" -c 'import requests; print(requests.__version__)')
EXPECTED_REQUESTS="2.26.0"
if [[ "$INSTALLED_REQUESTS_VERSION" != "$EXPECTED_REQUESTS" ]]; then
echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS"
exit 1
else
echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
fi

34
github/codeql-action-v1/python-setup/tests/from_python_exe.py Executable file
View file

@ -0,0 +1,34 @@
#!/usr/bin/env python3
import sys
import os
import subprocess
from typing import Tuple
def get_details(path_to_python_exe: str) -> Tuple[str, str]:
import_path = subprocess.check_output(
[
path_to_python_exe,
os.path.join(os.path.dirname(__file__), "..", "find_site_packages.py")
],
stdin=subprocess.DEVNULL,
)
version = subprocess.check_output(
[path_to_python_exe, "-c", "import sys; print(sys.version_info[0])"],
stdin=subprocess.DEVNULL,
)
return version.decode("utf-8").strip(), import_path.decode("utf-8").strip()
if __name__ == "__main__":
version, import_path = get_details(sys.argv[1])
# see https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
env_file = open(os.environ["GITHUB_ENV"], mode="at")
print("Setting LGTM_PYTHON_SETUP_VERSION={}".format(version))
print("LGTM_PYTHON_SETUP_VERSION={}".format(version), file=env_file)
print("Setting LGTM_INDEX_IMPORT_PATH={}".format(import_path))
print("LGTM_INDEX_IMPORT_PATH={}".format(import_path), file=env_file)

12
github/codeql-action-v1/python-setup/tests/pipenv/python-3.8/Pipfile Normal file
View file

@ -0,0 +1,12 @@
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
requests = "*"
[requires]
python_version = "3.8"

61
github/codeql-action-v1/python-setup/tests/pipenv/python-3.8/Pipfile.lock generated Normal file
View file

@ -0,0 +1,61 @@
{
"_meta": {
"hash": {
"sha256": "acbc8c4e7f2f98f1059b2a93d581ef43f4aa0c9741e64e6253adff8e35fbd99e"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.8"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"certifi": {
"hashes": [
"sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3",
"sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"
],
"index": "pypi",
"version": "==2022.12.7"
},
"charset-normalizer": {
"hashes": [
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
],
"markers": "python_version >= '3'",
"version": "==2.0.12"
},
"idna": {
"hashes": [
"sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4",
"sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
],
"markers": "python_version >= '3'",
"version": "==3.4"
},
"requests": {
"hashes": [
"sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
"sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
],
"index": "pypi",
"version": "==2.26.0"
},
"urllib3": {
"hashes": [
"sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc",
"sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
"version": "==1.26.13"
}
},
"develop": {}
}

11
github/codeql-action-v1/python-setup/tests/pipenv/requests-3/Pipfile Normal file
View file

@ -0,0 +1,11 @@
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
requests = "*"
[requires]

59
github/codeql-action-v1/python-setup/tests/pipenv/requests-3/Pipfile.lock generated Normal file
View file

@ -0,0 +1,59 @@
{
"_meta": {
"hash": {
"sha256": "70e8bf6bc774f5ca177467cab4e67d4264d0536857993326abc13ff43063bec0"
},
"pipfile-spec": 6,
"requires": {},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"certifi": {
"hashes": [
"sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3",
"sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"
],
"index": "pypi",
"version": "==2022.12.7"
},
"charset-normalizer": {
"hashes": [
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
],
"markers": "python_version >= '3'",
"version": "==2.0.12"
},
"idna": {
"hashes": [
"sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4",
"sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
],
"markers": "python_version >= '3'",
"version": "==3.4"
},
"requests": {
"hashes": [
"sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
"sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
],
"index": "pypi",
"version": "==2.26.0"
},
"urllib3": {
"hashes": [
"sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc",
"sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
"version": "==1.26.13"
}
},
"develop": {}
}

84
github/codeql-action-v1/python-setup/tests/poetry/python-3.8/poetry.lock generated Normal file
View file

@ -0,0 +1,84 @@
[[package]]
name = "certifi"
version = "2022.12.7"
description = "Python package for providing Mozilla's CA Bundle."
category = "main"
optional = false
python-versions = ">=3.6"
[[package]]
name = "charset-normalizer"
version = "2.0.7"
description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
category = "main"
optional = false
python-versions = ">=3.5.0"
[package.extras]
unicode-backport = ["unicodedata2"]
[[package]]
name = "idna"
version = "3.3"
description = "Internationalized Domain Names in Applications (IDNA)"
category = "main"
optional = false
python-versions = ">=3.5"
[[package]]
name = "requests"
version = "2.26.0"
description = "Python HTTP for Humans."
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[package.dependencies]
certifi = ">=2017.4.17"
charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""}
idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""}
urllib3 = ">=1.21.1,<1.27"
[package.extras]
socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
use-chardet-on-py3 = ["chardet (>=3.0.2,<5)"]
[[package]]
name = "urllib3"
version = "1.26.7"
description = "HTTP library with thread-safe connection pooling, file post, and more."
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
[package.extras]
brotli = ["brotlipy (>=0.6.0)"]
secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)"]
socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
[metadata]
lock-version = "1.1"
python-versions = "^3.8"
content-hash = "fabc9cabf9f18437e7b9ea3dbd1895a5a118239c17b3d097c465a290707e6bfd"
[metadata.files]
certifi = [
{file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
{file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
]
charset-normalizer = [
{file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
{file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
]
idna = [
{file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
{file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
]
requests = [
{file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"},
{file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"},
]
urllib3 = [
{file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
{file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
]

15
github/codeql-action-v1/python-setup/tests/poetry/python-3.8/pyproject.toml Normal file
View file

@ -0,0 +1,15 @@
[tool.poetry]
name = "autoinstall-test"
version = "0.1.0"
description = ""
authors = ["Your Name <you@example.com>"]
[tool.poetry.dependencies]
python = "^3.8"
requests = "*"
[tool.poetry.dev-dependencies]
[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

84
github/codeql-action-v1/python-setup/tests/poetry/requests-3/poetry.lock generated Normal file
View file

@ -0,0 +1,84 @@
[[package]]
name = "certifi"
version = "2022.12.7"
description = "Python package for providing Mozilla's CA Bundle."
category = "main"
optional = false
python-versions = ">=3.6"
[[package]]
name = "charset-normalizer"
version = "2.0.7"
description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
category = "main"
optional = false
python-versions = ">=3.5.0"
[package.extras]
unicode-backport = ["unicodedata2"]
[[package]]
name = "idna"
version = "3.3"
description = "Internationalized Domain Names in Applications (IDNA)"
category = "main"
optional = false
python-versions = ">=3.5"
[[package]]
name = "requests"
version = "2.26.0"
description = "Python HTTP for Humans."
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[package.dependencies]
certifi = ">=2017.4.17"
charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""}
idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""}
urllib3 = ">=1.21.1,<1.27"
[package.extras]
socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
use-chardet-on-py3 = ["chardet (>=3.0.2,<5)"]
[[package]]
name = "urllib3"
version = "1.26.7"
description = "HTTP library with thread-safe connection pooling, file post, and more."
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
[package.extras]
brotli = ["brotlipy (>=0.6.0)"]
secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)"]
socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
[metadata]
lock-version = "1.1"
python-versions = "^3.6"
content-hash = "3186fede9fea5b617c0bcebda3034f2d889a3c4579d60dd45945772895a28b7d"
[metadata.files]
certifi = [
{file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
{file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
]
charset-normalizer = [
{file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
{file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
]
idna = [
{file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
{file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
]
requests = [
{file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"},
{file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"},
]
urllib3 = [
{file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
{file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
]

5
github/codeql-action-v1/python-setup/tests/poetry/requests-3/poetry.toml Normal file
View file

@ -0,0 +1,5 @@
[virtualenvs]
in-project = true
[virtualenvs.options]
no-pip = true

15
github/codeql-action-v1/python-setup/tests/poetry/requests-3/pyproject.toml Normal file
View file

@ -0,0 +1,15 @@
[tool.poetry]
name = "autoinstall-test"
version = "0.1.0"
description = ""
authors = ["Your Name <you@example.com>"]
[tool.poetry.dependencies]
python = "^3.6"
requests = "*"
[tool.poetry.dev-dependencies]
[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

1
github/codeql-action-v1/python-setup/tests/requirements/non-standard-location/non-standard/requirements.txt Normal file
View file

@ -0,0 +1 @@
requests==2.26.0

1
github/codeql-action-v1/python-setup/tests/requirements/non-standard-location/wat.py Normal file
View file

@ -0,0 +1 @@
print('hello')

1
github/codeql-action-v1/python-setup/tests/requirements/requests-3/requirements.txt Normal file
View file

@ -0,0 +1 @@
requests==2.26.0

3
github/codeql-action-v1/python-setup/tests/requirements/requests-3/setup.py Normal file
View file

@ -0,0 +1,3 @@
# fake setup.py with Trove classifier to fool Python extractor to believe this is Python 3 for sure
# Programming Language :: Python :: 3.7

12
github/codeql-action-v1/python-setup/tests/setup_py/requests-3/setup.py Normal file
View file

@ -0,0 +1,12 @@
from setuptools import setup
# has fake Trove classifier to fool Python extractor to believe this is Python 3 for sure
# Programming Language :: Python :: 3.7
setup(
name="example-setup.py",
install_requires=["requests==2.26.0"],
python_requires='>=3.7',
)