feat(codeqlExecuteScan): cloning project from non-github scm to github #4630

Co-authored-by: sumeet patil <sumeet.patil@sap.com>

cmd/codeqlExecuteScan.go

@@ -120,12 +120,13 @@ func getGitRepoInfo(repoUri string, repoInfo *RepoInfo) error {
 	return fmt.Errorf("Invalid repository %s", repoUri)
 }
 
-func initGitInfo(config *codeqlExecuteScanOptions) RepoInfo {
+func initGitInfo(config *codeqlExecuteScanOptions) (RepoInfo, error) {
 	var repoInfo RepoInfo
 	err := getGitRepoInfo(config.Repository, &repoInfo)
 	if err != nil {
 		log.Entry().Error(err)
 	}
+
 	repoInfo.ref = config.AnalyzedRef
 	repoInfo.commitId = config.CommitID
 
@@ -148,8 +149,25 @@ func initGitInfo(config *codeqlExecuteScanOptions) RepoInfo {
 			}
 		}
 	}
+	if len(config.TargetGithubRepoURL) > 0 {
+		if strings.Contains(repoInfo.serverUrl, "github") {
+			log.Entry().Errorf("TargetGithubRepoURL should not be set as the source repo is on github.")
+			return repoInfo, errors.New("TargetGithubRepoURL should not be set as the source repo is on github.")
+		}
+		err := getGitRepoInfo(config.TargetGithubRepoURL, &repoInfo)
+		if err != nil {
+			log.Entry().Error(err)
+			return repoInfo, err
+		}
+		if len(config.TargetGithubBranchName) > 0 {
+			repoInfo.ref = config.TargetGithubBranchName
+			if len(strings.Split(config.TargetGithubBranchName, "/")) < 3 {
+				repoInfo.ref = "refs/heads/" + config.TargetGithubBranchName
+			}
+		}
+	}
 
-	return repoInfo
+	return repoInfo, nil
 }
 
 func getToken(config *codeqlExecuteScanOptions) (bool, string) {
@@ -311,11 +329,37 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 
 	reports = append(reports, piperutils.Path{Target: filepath.Join(config.ModulePath, "target", "codeqlReport.csv")})
 
-	repoInfo := initGitInfo(config)
+	repoInfo, err := initGitInfo(config)
+	if err != nil {
+		return reports, err
+	}
 	repoUrl := fmt.Sprintf("%s/%s/%s", repoInfo.serverUrl, repoInfo.owner, repoInfo.repo)
 	repoReference, err := buildRepoReference(repoUrl, repoInfo.ref)
 	repoCodeqlScanUrl := fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.ref)
 
+	if len(config.TargetGithubRepoURL) > 0 {
+		hasToken, token := getToken(config)
+		if !hasToken {
+			return reports, errors.New("failed running upload db sources to GitHub as githubToken was not specified")
+		}
+		repoUploader, err := codeql.NewGitUploaderInstance(
+			token,
+			repoInfo.ref,
+			config.Database,
+			repoInfo.commitId,
+			config.Repository,
+			config.TargetGithubRepoURL,
+		)
+		if err != nil {
+			return reports, err
+		}
+		targetCommitId, err := repoUploader.UploadProjectToGithub()
+		if err != nil {
+			return reports, errors.Wrap(err, "failed uploading db sources from non-GitHub SCM to GitHub")
+		}
+		repoInfo.commitId = targetCommitId
+	}
+
 	if !config.UploadResults {
 		log.Entry().Warn("The sarif results will not be uploaded to the repository and compliance report will not be generated as uploadResults is set to false.")
 	} else {

cmd/codeqlExecuteScan_generated.go

@@ -30,6 +30,8 @@ type codeqlExecuteScanOptions struct {
 	UploadResults               bool   `json:"uploadResults,omitempty"`
 	SarifCheckMaxRetries        int    `json:"sarifCheckMaxRetries,omitempty"`
 	SarifCheckRetryInterval     int    `json:"sarifCheckRetryInterval,omitempty"`
+	TargetGithubRepoURL         string `json:"targetGithubRepoURL,omitempty"`
+	TargetGithubBranchName      string `json:"targetGithubBranchName,omitempty"`
 	Threads                     string `json:"threads,omitempty"`
 	Ram                         string `json:"ram,omitempty"`
 	AnalyzedRef                 string `json:"analyzedRef,omitempty"`
@@ -193,6 +195,8 @@ func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScan
 	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", false, "Allows you to upload codeql SARIF results to your github project. You will need to set githubToken for this.")
 	cmd.Flags().IntVar(&stepConfig.SarifCheckMaxRetries, "sarifCheckMaxRetries", 10, "Maximum number of retries when waiting for the server to finish processing the SARIF upload.")
 	cmd.Flags().IntVar(&stepConfig.SarifCheckRetryInterval, "sarifCheckRetryInterval", 30, "Interval in seconds between retries when waiting for the server to finish processing the SARIF upload.")
+	cmd.Flags().StringVar(&stepConfig.TargetGithubRepoURL, "targetGithubRepoURL", os.Getenv("PIPER_targetGithubRepoURL"), "")
+	cmd.Flags().StringVar(&stepConfig.TargetGithubBranchName, "targetGithubBranchName", os.Getenv("PIPER_targetGithubBranchName"), "")
 	cmd.Flags().StringVar(&stepConfig.Threads, "threads", `0`, "Use this many threads for the codeql operations.")
 	cmd.Flags().StringVar(&stepConfig.Ram, "ram", os.Getenv("PIPER_ram"), "Use this much ram (MB) for the codeql operations.")
 	cmd.Flags().StringVar(&stepConfig.AnalyzedRef, "analyzedRef", os.Getenv("PIPER_analyzedRef"), "Name of the ref that was analyzed.")
@@ -324,6 +328,24 @@ func codeqlExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{},
 						Default:     30,
 					},
+					{
+						Name:        "targetGithubRepoURL",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+						Default:     os.Getenv("PIPER_targetGithubRepoURL"),
+					},
+					{
+						Name:        "targetGithubBranchName",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+						Default:     os.Getenv("PIPER_targetGithubBranchName"),
+					},
 					{
 						Name:        "threads",
 						ResourceRef: []config.ResourceReference{},

cmd/codeqlExecuteScan_test.go

@@ -180,7 +180,8 @@ func TestGetGitRepoInfo(t *testing.T) {
 func TestInitGitInfo(t *testing.T) {
 	t.Run("Valid URL1", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "codeql", repoInfo.repo)
@@ -190,7 +191,8 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Valid URL2", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "codeql", repoInfo.repo)
@@ -200,7 +202,8 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Valid url with dots URL1", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "com.sap.codeql", repoInfo.repo)
@@ -210,7 +213,8 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Valid url with dots URL2", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "com.sap.codeql", repoInfo.repo)
@@ -220,7 +224,8 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Valid url with username and token URL1", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "codeql", repoInfo.repo)
@@ -230,7 +235,8 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Valid url with username and token URL2", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
+		assert.NoError(t, err)
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "Testing", repoInfo.owner)
 		assert.Equal(t, "codeql", repoInfo.repo)
@@ -240,8 +246,9 @@ func TestInitGitInfo(t *testing.T) {
 
 	t.Run("Invalid URL with no org/reponame", func(t *testing.T) {
 		config := codeqlExecuteScanOptions{Repository: "https://github.hello.test", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
-		repoInfo := initGitInfo(&config)
+		repoInfo, err := initGitInfo(&config)
-		_, err := orchestrator.NewOrchestratorSpecificConfigProvider()
+		assert.NoError(t, err)
+		_, err = orchestrator.NewOrchestratorSpecificConfigProvider()
 		assert.Equal(t, "abcd1234", repoInfo.commitId)
 		assert.Equal(t, "refs/head/branch", repoInfo.ref)
 		if err != nil {

go.mod

@@ -23,8 +23,8 @@ require (
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/getsentry/sentry-go v0.11.0
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
-	github.com/go-git/go-billy/v5 v5.3.1
+	github.com/go-git/go-billy/v5 v5.4.1
-	github.com/go-git/go-git/v5 v5.4.2
+	github.com/go-git/go-git/v5 v5.8.1
 	github.com/go-openapi/runtime v0.24.1
 	github.com/go-openapi/strfmt v0.21.3
 	github.com/go-playground/locales v0.14.0
@@ -69,6 +69,7 @@ require (
 
 require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
@@ -101,9 +102,11 @@ require (
 	github.com/okta/okta-sdk-golang/v2 v2.12.1 // indirect
 	github.com/oracle/oci-go-sdk/v60 v60.0.0 // indirect
 	github.com/pires/go-proxyproto v0.6.1 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/pquerna/otp v1.2.1-0.20191009055518-468c2dd2b58d // indirect
 	github.com/shirou/gopsutil/v3 v3.22.6 // indirect
+	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/sony/gobreaker v0.4.2-0.20210216022020-dd874f9dd33b // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
@@ -143,8 +146,8 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
+	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.301 // indirect
 	github.com/antchfx/xpath v1.2.0 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
@@ -189,12 +192,12 @@ require (
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/frankban/quicktest v1.14.4 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
@@ -265,7 +268,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
@@ -325,7 +328,7 @@ require (
 	github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/vmware/govmomi v0.18.0 // indirect
-	github.com/xanzy/ssh-agent v0.3.0 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/xuri/efp v0.0.0-20210322160811-ab561f5b45e3 // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
@@ -355,7 +358,7 @@ require (
 	k8s.io/client-go v0.27.2 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect

go.sum

@@ -54,6 +54,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI=
 cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4=
 code.cloudfoundry.org/gofileutils v0.0.0-20170111115228-4d0c80011a0f h1:UrKzEwTgeiff9vxdrfdqxibzpWjxLnuXDI5m6z3GJAk=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 h1:/vQbFIOMbk2FiG/kXiLl8BRyzTWDw7gX/Hz7Dd5eDMs=
 github.com/99designs/keyring v1.2.2 h1:pZd3neh/EmUzWONb35LxQfvuY7kiSXAq3HQd97+XBn0=
@@ -159,6 +161,7 @@ github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JP
 github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
@@ -176,9 +179,8 @@ github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cq
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
-github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec h1:vV3RryLxt42+ZIVOFbYJCH1jsZNTNmj2NYru5zfx+4E=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
-github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -190,8 +192,8 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
-github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
+github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
+github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -203,8 +205,7 @@ github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:C
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.301 h1:8mgvCpqsv3mQAcqZ/baAaMGUBj5J6MKMhxLd+K8L27Q=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.301/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antchfx/htmlquery v1.2.4 h1:qLteofCMe/KGovBI6SQgmou2QNyedFUW+pE+BpeZ494=
 github.com/antchfx/htmlquery v1.2.4/go.mod h1:2xO6iu3EVWs7R2JYqBbp8YzG50gj/ofqs5/0VZoDZLc=
 github.com/antchfx/xpath v1.2.0 h1:mbwv7co+x0RwgeGAOHdrKy89GvHaGvxxBtPK0uF9Zr8=
@@ -227,7 +228,6 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
@@ -549,14 +549,15 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn
 github.com/dvsekhvalnov/jose2go v1.5.0 h1:3j8ya4Z4kMCwT5nXIKFSV84YS+HdqSSO0VsTQxaLAeM=
 github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
 github.com/elliotchance/orderedmap v1.4.0 h1:wZtfeEONCbx6in1CZyE6bELEt/vFayMvsxqI5SgsR+A=
 github.com/elliotchance/orderedmap v1.4.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
 github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -580,7 +581,6 @@ github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBD
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.5+incompatible h1:/l4kBbb4/vGSsdtB5nUe8L7B9mImVMaBPw9L/0TBHU8=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
@@ -608,8 +608,7 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
 github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
+github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
@@ -618,15 +617,13 @@ github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJ
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
-github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
+github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
-github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
-github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8=
+github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
+github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo=
-github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -1151,7 +1148,6 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
@@ -1198,7 +1194,6 @@ github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f/go.mod h1:3J2
 github.com/jefferai/jsonx v1.0.0 h1:Xoz0ZbmkpBvED5W9W1B5B/zc3Oiq7oXqiW7iRV3B6EI=
 github.com/jefferai/jsonx v1.0.0/go.mod h1:OGmqmi2tTeI/PS+qQfBDToLHHJIy/RMp24fPo8vFvoQ=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhump/protoreflect v1.10.3 h1:8ogeubpKh2TiulA0apmGlW5YAH4U1Vi4TINIP+gpNfQ=
 github.com/jhump/protoreflect v1.10.3/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -1242,8 +1237,8 @@ github.com/kataras/pio v0.0.2/go.mod h1:hAoW0t9UmXi4R5Oyq5Z4irTbaTsOemSrDGUtaTl7
 github.com/kataras/sitemap v0.0.5/go.mod h1:KY2eugMKiPwsJgx7+U103YZehfvNGOXURubcGyk0Bz8=
 github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
 github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -1530,6 +1525,8 @@ github.com/piper-validation/fortify-client-go v0.0.0-20220126145513-7b3e9a72af01
 github.com/piper-validation/fortify-client-go v0.0.0-20220126145513-7b3e9a72af01/go.mod h1:EZkdCgngw/tInYdidqDQlRIXvyM1fSbqn/vx83YNCcw=
 github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
 github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
+github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1640,7 +1637,6 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sethvargo/go-limiter v0.7.1 h1:wWNhTj0pxjyJ7wuJHpRJpYwJn+bUnjYfw2a85eu5w9U=
@@ -1660,6 +1656,8 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
+github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
@@ -1780,8 +1778,8 @@ github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo
 github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
+github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
@@ -1874,7 +1872,6 @@ golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -1896,7 +1893,6 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -2004,7 +2000,6 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
@@ -2151,7 +2146,6 @@ golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

pkg/codeql/github_repo_upload.go

@@ -0,0 +1,335 @@
+package codeql
+
+import (
+	"archive/zip"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/SAP/jenkins-library/pkg/command"
+	"github.com/SAP/jenkins-library/pkg/log"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/go-git/go-git/v5/storage/memory"
+	"gopkg.in/yaml.v2"
+)
+
+type GitUploader interface {
+	UploadProjectToGithub() (string, error)
+}
+
+type GitUploaderInstance struct {
+	*command.Command
+
+	token          string
+	ref            string
+	sourceCommitId string
+	sourceRepo     string
+	targetRepo     string
+	dbDir          string
+}
+
+func NewGitUploaderInstance(token, ref, dbDir, sourceCommitId, sourceRepo, targetRepo string) (*GitUploaderInstance, error) {
+	dbAbsPath, err := filepath.Abs(dbDir)
+	if err != nil {
+		return nil, err
+	}
+	instance := &GitUploaderInstance{
+		Command:        &command.Command{},
+		token:          token,
+		ref:            ref,
+		sourceCommitId: sourceCommitId,
+		sourceRepo:     sourceRepo,
+		targetRepo:     targetRepo,
+		dbDir:          filepath.Clean(dbAbsPath),
+	}
+
+	instance.Stdout(log.Writer())
+	instance.Stderr(log.Writer())
+	return instance, nil
+}
+
+type gitUtils interface {
+	listRemote() ([]reference, error)
+	cloneRepo(dir string, opts *git.CloneOptions) (*git.Repository, error)
+	switchOrphan(ref string, repo *git.Repository) error
+}
+
+type repository interface {
+	Worktree() (*git.Worktree, error)
+	CommitObject(commit plumbing.Hash) (*object.Commit, error)
+	Push(o *git.PushOptions) error
+}
+
+type worktree interface {
+	RemoveGlob(pattern string) error
+	Clean(opts *git.CleanOptions) error
+	AddWithOptions(opts *git.AddOptions) error
+	Commit(msg string, opts *git.CommitOptions) (plumbing.Hash, error)
+}
+
+type reference interface {
+	Name() plumbing.ReferenceName
+}
+
+const (
+	CommitMessageMirroringCode = "Mirroring code for revision %s from %s"
+	SrcZip                     = "src.zip"
+	codeqlDatabaseYml          = "codeql-database.yml"
+)
+
+func (uploader *GitUploaderInstance) UploadProjectToGithub() (string, error) {
+	tmpDir, err := os.MkdirTemp("", "tmp")
+	if err != nil {
+		return "", err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	refExists, err := doesRefExist(uploader, uploader.ref)
+	if err != nil {
+		return "", err
+	}
+
+	repo, err := clone(uploader, uploader.targetRepo, uploader.token, uploader.ref, tmpDir, refExists)
+	if err != nil {
+		return "", err
+	}
+
+	tree, err := repo.Worktree()
+	if err != nil {
+		return "", err
+	}
+	err = cleanDir(tree)
+	if err != nil {
+		return "", err
+	}
+
+	srcLocationPrefix, err := getSourceLocationPrefix(filepath.Join(uploader.dbDir, codeqlDatabaseYml))
+	if err != nil {
+		return "", err
+	}
+
+	zipPath := path.Join(uploader.dbDir, SrcZip)
+	err = unzip(zipPath, tmpDir, strings.Trim(srcLocationPrefix, fmt.Sprintf("%c", os.PathSeparator)))
+	if err != nil {
+		return "", err
+	}
+
+	err = add(tree)
+	if err != nil {
+		return "", err
+	}
+
+	newCommit, err := commit(repo, tree, uploader.sourceCommitId, uploader.sourceRepo)
+	if err != nil {
+		return "", err
+	}
+
+	err = push(repo, uploader.token)
+	if err != nil {
+		return "", err
+	}
+
+	return newCommit.ID().String(), err
+}
+
+func (uploader *GitUploaderInstance) listRemote() ([]reference, error) {
+	rem := git.NewRemote(memory.NewStorage(), &config.RemoteConfig{
+		Name: "origin",
+		URLs: []string{uploader.targetRepo},
+	})
+
+	list, err := rem.List(&git.ListOptions{
+		Auth: &http.BasicAuth{
+			Username: "does-not-matter",
+			Password: uploader.token,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	var convertedList []reference
+	for _, ref := range list {
+		convertedList = append(convertedList, ref)
+	}
+	return convertedList, err
+}
+
+func (uploader *GitUploaderInstance) cloneRepo(dir string, opts *git.CloneOptions) (*git.Repository, error) {
+	return git.PlainClone(dir, false, opts)
+}
+
+func (uploader *GitUploaderInstance) switchOrphan(ref string, r *git.Repository) error {
+	branchName := strings.Split(ref, "/")[2:]
+	newRef := plumbing.NewBranchReferenceName(strings.Join(branchName, "/"))
+	return r.Storer.SetReference(plumbing.NewSymbolicReference(plumbing.HEAD, newRef))
+}
+
+func doesRefExist(uploader gitUtils, ref string) (bool, error) {
+	// git ls-remote <repo>
+	remoteRefs, err := uploader.listRemote()
+	if err != nil {
+		return false, err
+	}
+	for _, r := range remoteRefs {
+		if string(r.Name()) == ref {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+func clone(uploader gitUtils, url, token, ref, dir string, refExists bool) (*git.Repository, error) {
+	opts := &git.CloneOptions{
+		URL: url,
+		Auth: &http.BasicAuth{
+			Username: "does-not-matter",
+			Password: token,
+		},
+		SingleBranch: true,
+		Depth:        1,
+	}
+	if refExists {
+		opts.ReferenceName = plumbing.ReferenceName(ref)
+		// git clone -b <ref> --single-branch --depth=1 <url> <dir>
+		return uploader.cloneRepo(dir, opts)
+	}
+
+	// git clone --single-branch --depth=1 <url> <dir>
+	r, err := uploader.cloneRepo(dir, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	// git switch --orphan <ref>
+	err = uploader.switchOrphan(ref, r)
+	if err != nil {
+		return nil, err
+	}
+	return r, nil
+}
+
+func cleanDir(t worktree) error {
+	// git rm -r
+	err := t.RemoveGlob("*")
+	if err != nil {
+		return err
+	}
+	// git clean -d
+	err = t.Clean(&git.CleanOptions{Dir: true})
+	return err
+}
+
+func add(t worktree) error {
+	// git add --all
+	return t.AddWithOptions(&git.AddOptions{
+		All: true,
+	})
+}
+
+func commit(r repository, t worktree, sourceCommitId, sourceRepo string) (*object.Commit, error) {
+	// git commit --allow-empty -m <msg>
+	newCommit, err := t.Commit(fmt.Sprintf(CommitMessageMirroringCode, sourceCommitId, sourceRepo), &git.CommitOptions{
+		AllowEmptyCommits: true,
+		Author: &object.Signature{
+			When: time.Now(),
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return r.CommitObject(newCommit)
+}
+
+func push(r repository, token string) error {
+	// git push
+	return r.Push(&git.PushOptions{
+		Auth: &http.BasicAuth{
+			Username: "does-not-matter",
+			Password: token,
+		},
+	})
+}
+
+func unzip(zipPath, targetDir, srcDir string) error {
+	r, err := zip.OpenReader(zipPath)
+	if err != nil {
+		return err
+	}
+	defer r.Close()
+
+	for _, f := range r.File {
+		fName := f.Name
+
+		if runtime.GOOS == "windows" {
+			fNameSplit := strings.Split(fName, "/")
+			if len(fNameSplit) == 0 {
+				continue
+			}
+			fNameSplit[0] = strings.Replace(fNameSplit[0], "_", ":", 1)
+			fName = strings.Join(fNameSplit, fmt.Sprintf("%c", os.PathSeparator))
+		}
+		if !strings.Contains(fName, srcDir) {
+			continue
+		}
+
+		rc, err := f.Open()
+		if err != nil {
+			return err
+		}
+
+		fName = strings.TrimPrefix(fName, srcDir)
+		fpath := filepath.Join(targetDir, fName)
+		if f.FileInfo().IsDir() {
+			os.MkdirAll(fpath, os.ModePerm)
+			rc.Close()
+			continue
+		}
+		err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm)
+		if err != nil {
+			rc.Close()
+			return err
+		}
+
+		fNew, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
+		if err != nil {
+			rc.Close()
+			return err
+		}
+
+		_, err = io.Copy(fNew, rc)
+		if err != nil {
+			rc.Close()
+			fNew.Close()
+			return err
+		}
+		rc.Close()
+		fNew.Close()
+	}
+	return nil
+}
+
+func getSourceLocationPrefix(fileName string) (string, error) {
+	type codeqlDatabase struct {
+		SourceLocation string `yaml:"sourceLocationPrefix"`
+	}
+	var db codeqlDatabase
+	file, err := os.ReadFile(fileName)
+	if err != nil {
+		return "", err
+	}
+	err = yaml.Unmarshal(file, &db)
+	if err != nil {
+		return "", err
+	}
+
+	return db.SourceLocation, nil
+}

pkg/codeql/github_repo_upload_test.go

@@ -0,0 +1,416 @@
+package codeql
+
+import (
+	"archive/zip"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v2"
+	"k8s.io/utils/strings/slices"
+)
+
+const (
+	notExists = "not-exists"
+	exists    = "exists"
+	refsHeads = "refs/heads/"
+)
+
+type gitMock struct {
+	ref string
+	url string
+}
+
+func newGitMock(ref, url string) *gitMock {
+	return &gitMock{ref: ref, url: url}
+}
+
+func (g *gitMock) listRemote() ([]reference, error) {
+	if g.url == notExists {
+		return nil, fmt.Errorf("repository not found")
+	}
+	list := []*referenceMock{
+		{
+			name: refsHeads + "ref1",
+		},
+		{
+			name: refsHeads + "ref2",
+		},
+		{
+			name: refsHeads + "ref3",
+		},
+		{
+			name: refsHeads + exists,
+		},
+	}
+	var convertedList []reference
+	for _, ref := range list {
+		convertedList = append(convertedList, ref)
+	}
+	return convertedList, nil
+}
+
+func (g *gitMock) cloneRepo(dir string, opts *git.CloneOptions) (*git.Repository, error) {
+	if opts.Auth == nil {
+		return nil, fmt.Errorf("error")
+	}
+	if opts.URL == notExists {
+		return nil, fmt.Errorf("error")
+	}
+	return &git.Repository{}, nil
+}
+
+func (g *gitMock) switchOrphan(branch string, repo *git.Repository) error {
+	return nil
+}
+
+type referenceMock struct {
+	name string
+}
+
+func (r *referenceMock) Name() plumbing.ReferenceName {
+	return plumbing.ReferenceName(r.name)
+}
+
+type repoMock struct{}
+
+func (r *repoMock) Worktree() (*git.Worktree, error) {
+	return &git.Worktree{}, nil
+}
+
+func (r *repoMock) CommitObject(commit plumbing.Hash) (*object.Commit, error) {
+	return &object.Commit{Hash: commit}, nil
+}
+
+func (r *repoMock) Push(opts *git.PushOptions) error {
+	if opts.Auth == nil {
+		return fmt.Errorf("error")
+	}
+	return nil
+}
+
+type worktreeMock struct{}
+
+func (t *worktreeMock) RemoveGlob(pattern string) error {
+	return nil
+}
+
+func (t *worktreeMock) Clean(opts *git.CleanOptions) error {
+	return nil
+}
+
+func (t *worktreeMock) AddWithOptions(opts *git.AddOptions) error {
+	return nil
+}
+
+func (t *worktreeMock) Commit(msg string, opts *git.CommitOptions) (plumbing.Hash, error) {
+	if opts.Author == nil {
+		return plumbing.Hash{}, fmt.Errorf("error")
+	}
+	return plumbing.Hash{}, nil
+}
+
+func TestDoesRefExist(t *testing.T) {
+	t.Parallel()
+	t.Run("Invalid repository", func(t *testing.T) {
+		ghUploader := newGitMock(refsHeads+notExists, notExists)
+		_, err := doesRefExist(ghUploader, refsHeads+notExists)
+		assert.Error(t, err)
+
+	})
+	t.Run("Ref exists", func(t *testing.T) {
+		ghUploader := newGitMock(refsHeads+exists, exists)
+		ok, err := doesRefExist(ghUploader, refsHeads+exists)
+		assert.NoError(t, err)
+		assert.True(t, ok)
+	})
+	t.Run("Ref doesn't exist", func(t *testing.T) {
+		ghUploader := newGitMock(refsHeads+notExists, exists)
+		ok, err := doesRefExist(ghUploader, refsHeads+notExists)
+		assert.NoError(t, err)
+		assert.False(t, ok)
+	})
+}
+
+func TestClone(t *testing.T) {
+	t.Parallel()
+	t.Run("Created new branch", func(t *testing.T) {
+		ghUploader := newGitMock(refsHeads+notExists, exists)
+		repo, err := clone(ghUploader, ghUploader.url, "", ghUploader.ref, "", false)
+		assert.NoError(t, err)
+		assert.NotNil(t, repo)
+	})
+	t.Run("Target branch exists", func(t *testing.T) {
+		ghUploader := newGitMock(refsHeads+exists, exists)
+		repo, err := clone(ghUploader, ghUploader.url, "", ghUploader.ref, "", true)
+		assert.NoError(t, err)
+		assert.NotNil(t, repo)
+	})
+}
+
+func TestClean(t *testing.T) {
+	t.Parallel()
+	t.Run("Success", func(t *testing.T) {
+		tree := &worktreeMock{}
+		err := cleanDir(tree)
+		assert.NoError(t, err)
+	})
+}
+
+func TestAdd(t *testing.T) {
+	t.Run("Success", func(t *testing.T) {
+		tree := &worktreeMock{}
+		err := add(tree)
+		assert.NoError(t, err)
+	})
+}
+
+func TestCommit(t *testing.T) {
+	t.Run("Success", func(t *testing.T) {
+		tree := &worktreeMock{}
+		repo := &repoMock{}
+		c, err := commit(repo, tree, "", "")
+		assert.NoError(t, err)
+		assert.NotNil(t, c)
+	})
+}
+
+func TestPush(t *testing.T) {
+	t.Run("Success", func(t *testing.T) {
+		repo := &repoMock{}
+		err := push(repo, "")
+		assert.NoError(t, err)
+	})
+}
+
+func TestUnzip(t *testing.T) {
+	t.Parallel()
+
+	t.Run("Success", func(t *testing.T) {
+		targetDir, err := os.MkdirTemp("", "tmp_target")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(targetDir)
+		sourceDir, err := os.MkdirTemp("", "tmp_source")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(sourceDir)
+		zipPath := filepath.Join(sourceDir, "src.zip")
+
+		srcFilenames := []string{
+			filepath.Join(sourceDir, "file1"),
+			filepath.Join(sourceDir, "file2"),
+			filepath.Join(sourceDir, "subfolder1", "file1"),
+			filepath.Join(sourceDir, "subfolder1", "file2"),
+			filepath.Join(sourceDir, "subfolder2", "file1"),
+		}
+		err = createZIP(zipPath, srcFilenames)
+		if err != nil {
+			panic(err)
+		}
+		assert.NoError(t, unzip(zipPath, targetDir, sourceDir))
+		targetFilenames := []string{
+			filepath.Join(targetDir, "file1"),
+			filepath.Join(targetDir, "file2"),
+			filepath.Join(targetDir, "subfolder1", "file1"),
+			filepath.Join(targetDir, "subfolder1", "file2"),
+			filepath.Join(targetDir, "subfolder2", "file1"),
+		}
+		checkExistedFiles(t, targetDir, targetFilenames)
+	})
+
+	t.Run("Empty zip", func(t *testing.T) {
+		targetDir, err := os.MkdirTemp("", "tmp_target")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(targetDir)
+		sourceDir, err := os.MkdirTemp("", "tmp_source")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(sourceDir)
+		zipPath := filepath.Join(sourceDir, "src.zip")
+
+		filenames := []string{}
+		err = createZIP(zipPath, filenames)
+		if err != nil {
+			panic(err)
+		}
+		assert.NoError(t, unzip(zipPath, targetDir, sourceDir))
+		checkExistedFiles(t, targetDir, filenames)
+	})
+
+	t.Run("zip not found", func(t *testing.T) {
+		targetDir, err := os.MkdirTemp("", "tmp_target")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(targetDir)
+		sourceDir, err := os.MkdirTemp("", "tmp_source")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(sourceDir)
+		zipPath := filepath.Join(sourceDir, "src.zip")
+
+		assert.Error(t, unzip(zipPath, targetDir, sourceDir))
+	})
+
+	t.Run("extra files in zip", func(t *testing.T) {
+		targetDir, err := os.MkdirTemp("", "tmp_target")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(targetDir)
+		sourceDir, err := os.MkdirTemp("", "tmp_source")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(sourceDir)
+		zipPath := filepath.Join(sourceDir, "src.zip")
+
+		srcFilenames := []string{
+			filepath.Join(sourceDir, "file1"),
+			filepath.Join(sourceDir, "file2"),
+			filepath.Join(sourceDir, "subfolder1", "file1"),
+			filepath.Join(sourceDir, "subfolder1", "file2"),
+			filepath.Join(sourceDir, "subfolder2", "file1"),
+			filepath.Join(targetDir, "extrafile1"),
+			filepath.Join(targetDir, "extrafile2"),
+			filepath.Join(targetDir, "subfolder1", "extrafile1"),
+		}
+		err = createZIP(zipPath, srcFilenames)
+		if err != nil {
+			panic(err)
+		}
+		assert.NoError(t, unzip(zipPath, targetDir, sourceDir))
+		targetFilenames := []string{
+			filepath.Join(targetDir, "file1"),
+			filepath.Join(targetDir, "file2"),
+			filepath.Join(targetDir, "subfolder1", "file1"),
+			filepath.Join(targetDir, "subfolder1", "file2"),
+			filepath.Join(targetDir, "subfolder2", "file1"),
+		}
+		checkExistedFiles(t, targetDir, targetFilenames)
+	})
+}
+
+func TestGetSourceLocationPrefix(t *testing.T) {
+	t.Parallel()
+	t.Run("Success", func(t *testing.T) {
+		filename := "test-file.yml"
+		location := "/some/location"
+		err := createFile(filename, location, false)
+		assert.NoError(t, err)
+		defer os.Remove(filename)
+		srcLocationPrefix, err := getSourceLocationPrefix(filename)
+		assert.NoError(t, err)
+		assert.Equal(t, location, srcLocationPrefix)
+	})
+
+	t.Run("No file found", func(t *testing.T) {
+		filename := "test-file-2.yml"
+		_, err := getSourceLocationPrefix(filename)
+		assert.Error(t, err)
+	})
+
+	t.Run("Empty file", func(t *testing.T) {
+		filename := "test-file-3.yml"
+		err := createFile(filename, "", true)
+		assert.NoError(t, err)
+		defer os.Remove(filename)
+		srcLocationPrefix, err := getSourceLocationPrefix(filename)
+		assert.NoError(t, err)
+		assert.Empty(t, srcLocationPrefix)
+	})
+}
+
+func checkExistedFiles(t *testing.T, dir string, filenames []string) {
+	counter := 0
+	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if path == dir || info.IsDir() {
+			return nil
+		}
+		assert.True(t, slices.Contains(filenames, path))
+		counter++
+		return nil
+	})
+	assert.NoError(t, err)
+	assert.Equal(t, len(filenames), counter)
+}
+
+func createZIP(zipPath string, filenames []string) error {
+	archive, err := os.Create(zipPath)
+	if err != nil {
+		return err
+	}
+	defer archive.Close()
+
+	zipWriter := zip.NewWriter(archive)
+	defer zipWriter.Close()
+
+	for _, filename := range filenames {
+		writer, err := zipWriter.Create(filename)
+		if err != nil {
+			return err
+		}
+
+		reader := strings.NewReader("test content\n")
+		if _, err := io.Copy(writer, reader); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createFile(fileName, location string, isEmpty bool) error {
+	err := ensureBaseDir(fileName)
+	if err != nil {
+		return err
+	}
+	f, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.ModePerm)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	if isEmpty {
+		return nil
+	}
+
+	type codeqlDatabase struct {
+		SourceLocation string `yaml:"sourceLocationPrefix"`
+		OtherInfo      string `yaml:"otherInfo"`
+	}
+	db := codeqlDatabase{SourceLocation: location, OtherInfo: "test"}
+	data, err := yaml.Marshal(db)
+	if err != nil {
+		return err
+	}
+
+	_, err = f.Write(data)
+	return err
+}
+
+func ensureBaseDir(fpath string) error {
+	baseDir := path.Dir(fpath)
+	info, err := os.Stat(baseDir)
+	if err == nil && info.IsDir() {
+		return nil
+	}
+	return os.MkdirAll(baseDir, 0755)
+}

resources/metadata/codeqlExecuteScan.yaml

@@ -120,6 +120,20 @@ spec:
           - STAGES
           - STEPS
         default: 30
+      - name: targetGithubRepoURL
+        type: string
+        descriptoin: "Target github repo url. Only relevant, if project uses a combination of Piper and non-GitHub SCM."
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
+      - name: targetGithubBranchName
+        type: string
+        descriptoin: "Target github branch name. Only relevant, if project uses a combination of Piper and non-GitHub SCM."
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
       - name: threads
         type: string
         description: "Use this many threads for the codeql operations."