diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 384d2dca48..07c33757a2 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -64,6 +64,7 @@ jobs: uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -73,5 +74,6 @@ jobs: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 6850a63ab1..e8f9317ef9 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -70,6 +70,7 @@ jobs: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -78,5 +79,6 @@ jobs: upload-database: false ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 84a0d95055..10480172a2 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -68,7 +68,10 @@ jobs: with: languages: csharp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: # Explicitly disable the CLR tracer. COR_ENABLE_PROFILING: '' 
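Review bot: The `token: ${{ secrets.CODEQL_TOKEN || github.token }}` input added to the `init` and `analyze` steps of `__all-platform-bundle.yml` replaces the job-scoped `github.token` with a repository secret whose required scopes the patch does not document, and the same line is repeated in every other workflow and `pr-checks/checks` file touched here. If `CODEQL_TOKEN` is a personal access token, whatever `permissions:` the workflow sets no longer bounds what these steps can do, and unlike `github.token` the credential stays valid after the run ends. A comment beside the first use would help, for example `# CODEQL_TOKEN: optional; grant only the access these checks need; github.token is used when it is unset`. Repository secrets are normally not passed to pull requests from forks, so those runs presumably take the fallback and exercise a different credential than pushes do. Both steps begin outside the hunk.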
@@ -80,6 +83,7 @@ jobs: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index eeac29f05b..815f050f9e 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -75,10 +75,12 @@ jobs: languages: javascript queries: security-extended tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index d68c72101a..a3d2774e11 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -72,9 +72,11 @@ jobs: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - shell: bash diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 1f86c061aa..8254dc6e57 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -68,9 +68,11 @@ jobs: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - shell: bash 
diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index ba99f61f1d..afc1e083ac 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -72,9 +72,11 @@ jobs: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - shell: bash diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 47983a3081..f24a7d2653 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -81,6 +81,7 @@ jobs: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Add test diagnostics shell: bash env: @@ -101,6 +102,7 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index c395a5655d..4a3f18c312 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -69,6 +69,7 @@ jobs: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -78,6 +79,7 @@ jobs: - uses: ./../action/analyze with: output: ${{ runner.temp }}/results + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: 
diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 5823fa50ad..42d3d652d1 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -65,6 +65,7 @@ jobs: languages: java ram: 230 threads: 1 + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert Results shell: bash run: | diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index d8db274075..cd0a33cea3 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -105,12 +105,14 @@ jobs: languages: go config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 19b5744110..ffb6e19ac0 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -68,6 +68,7 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} # Deliberately change Go after the `init` step - uses: actions/setup-go@v5 with: @@ -79,6 +80,7 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check diagnostic appears in SARIF uses: actions/github-script@v7 env: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 11c164fa59..6b2ef5d105 100644 
--- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -68,12 +68,14 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: go build main.go - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 6e0cbae406..4db51c7baa 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -93,10 +93,14 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 97db9e5c68..e86117a6a4 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -93,12 +93,14 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: go build main.go - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the 
diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 2ed8d2adee..7f02121c64 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -93,9 +93,11 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 6e41cf0a00..2a9fce95eb 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -87,7 +87,7 @@ jobs: registries: | - url: "https://ghcr.io/v2/" packages: "*/*" - token: "${{ secrets.GITHUB_TOKEN }}" + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Verify packages installed shell: bash diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index f87d5f9d2b..8f2e742892 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -74,6 +74,7 @@ jobs: languages: javascript source-root: ../new-source-root tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index c796fdc72f..84cadb190d 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -64,6 +64,7 @@ jobs: with: languages: C#,java-kotlin,swift,typescript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check languages run: | 
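Review bot: In `__init-with-registries.yml` the changed `token:` line appears to sit inside the `registries: |` block scalar, so it is the credential sent to `https://ghcr.io/v2/` for `*/*` packages rather than the action's own `token` input. That hands `CODEQL_TOKEN` to the package registry whenever the secret is set, and it drops the double quotes, so the expanded value is read as a plain YAML scalar by whatever parses the registries text. Unless the registry really needs that secret, keep `token: "${{ secrets.GITHUB_TOKEN }}"` here, or at minimum keep the quotes: `token: "${{ secrets.CODEQL_TOKEN || github.token }}"`. The step's `with:` mapping starts outside the hunk, so these lines do not show whether `init` itself receives a `token` input.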
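Review bot: In `__javascript-source-root.yml` only `init` gets the new `token` input; the `analyze` step visible in the same hunk (`with: upload-database: false`) is left on its default token, presumably `github.token`. When `CODEQL_TOKEN` is set, the two halves of the run authenticate with different credentials, which makes permission failures hard to attribute. The same gap seems to be present in `expected-queries-runs.yml` and `python312-windows.yml`, where `analyze` follows `init` without a token. Add `token: ${{ secrets.CODEQL_TOKEN || github.token }}` under each of those `analyze` steps, or add a comment saying why they are excluded.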
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 0385d67f02..6b15c90aaf 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -91,6 +91,7 @@ jobs: with: db-location: ${{ runner.temp }}/customDbLocation tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: @@ -104,6 +105,7 @@ jobs: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check language autodetect for all languages excluding Swift shell: bash diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 07f16ab32b..05370e69b5 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -82,6 +82,7 @@ jobs: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -89,12 +90,13 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 79a9034436..cd687dbe4e 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml 
@@ -82,6 +82,7 @@ jobs: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -89,12 +90,13 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 8654b8eb8b..9d03dd0f2e 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -81,6 +81,7 @@ jobs: config-file: .github/codeql/codeql-config-packaging.yml languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -88,12 +89,13 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 079da18d20..02a1826a88 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml 
@@ -88,12 +88,13 @@ jobs: - uses: ./../action/analyze with: output: ${{ runner.temp }}/results + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index d0f0e0d83a..d4deebb4d5 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -106,9 +106,12 @@ jobs: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh - uses: ./../action/analyze + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index ab7cb02e37..24ac50ac3f 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -87,6 +87,7 @@ jobs: languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' }} tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Resolve environment for Go uses: ./../action/resolve-environment diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 9017c3d9a1..f1bba2dbaa 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml 
@@ -80,5 +80,6 @@ jobs: - uses: ./../action/upload-sarif with: sarif_file: rubocop.sarif + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 2e48a2847d..a1b106ccab 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -74,10 +74,12 @@ jobs: with: languages: ruby tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index 5ca51822fb..14ce14c264 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml @@ -91,6 +91,7 @@ jobs: with: db-location: ${{ runner.temp }}/customDbLocation tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: @@ -104,6 +105,7 @@ jobs: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_SCALING_RESERVED_RAM: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 11820f6ddb..2ee82d7262 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -76,6 +76,7 @@ jobs: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -84,6 +85,7 @@ jobs: skip-queries: true output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert No Results shell: bash 
@@ -96,6 +98,7 @@ jobs: with: output: ${{ runner.temp }}/results upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert Results shell: bash run: | diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index a50dc1aa92..9ae1398dc6 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -68,6 +68,7 @@ jobs: - uses: ./init with: languages: javascript + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Fail # We want this job to pass if the Action correctly uploads the SARIF file for # the failed run. @@ -81,6 +82,7 @@ jobs: if: false with: category: /test-codeql-version:${{ matrix.version }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: # Internal-only environment variable used to indicate that the post-init Action # should expect to upload a SARIF file for the failed run. diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 1643444139..3e33a5c8e7 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -75,6 +75,7 @@ jobs: with: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} @@ -88,6 +89,7 @@ jobs: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index 658f93e95a..5720c6922f 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml 
@@ -71,12 +71,15 @@ jobs: with: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index c4e85c2b5c..d26599e548 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -70,6 +70,7 @@ jobs: uses: ./../action/init with: tools: ./codeql-bundle-linux64.tar.gz + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -79,5 +80,6 @@ jobs: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index b393677071..6c5211fc3c 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -64,9 +64,11 @@ jobs: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: https_proxy: http://squid-proxy:3128 CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index f8dd0defe6..6b69345f51 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml 
@@ -77,6 +77,7 @@ jobs: with: db-location: ${{ runner.temp }}/customDbLocation tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -90,6 +91,7 @@ jobs: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 37f0e6a16b..b57469a2cf 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -70,6 +70,7 @@ jobs: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -83,5 +84,6 @@ jobs: with: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 22f3960e2e..e7fd85df25 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -84,6 +84,7 @@ jobs: # it's enough to test one compiled language and one interpreted language languages: csharp,javascript source-root: x/y/z/some-path/tests/multi-language-repo + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash @@ -104,6 +105,7 @@ jobs: ref: v1.1.0 sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 checkout_path: x/y/z/some-path/tests/multi-language-repo + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Verify SARIF after upload shell: bash 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 378aa9f305..8222d04727 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,6 +33,7 @@ jobs: uses: ./init with: languages: javascript + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Remove empty database # allows us to run init a second time run: | @@ -43,6 +44,7 @@ jobs: with: tools: latest languages: javascript + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Compare default and latest CodeQL bundle versions id: compare env: @@ -91,8 +93,11 @@ jobs: languages: javascript config-file: ./.github/codeql/codeql-config.yml tools: ${{ matrix.tools }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} # confirm steps.init.outputs.codeql-path points to the codeql binary - name: Print CodeQL Version run: ${{steps.init.outputs.codeql-path}} version --format=json - name: Perform CodeQL Analysis uses: ./analyze + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index 50c84f6f1e..1e0b1161b5 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -48,6 +48,7 @@ jobs: debug: true debug-artifact-name: my-debug-artifacts debug-database-name: my-db + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -56,6 +57,7 @@ jobs: with: expect-error: true ram: 1 + token: ${{ secrets.CODEQL_TOKEN || github.token }} download-and-check-artifacts: name: Download and check debug artifacts after failure in analyze needs: upload-artifacts diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 53d53ed608..c055f77616 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml 
@@ -65,6 +65,7 @@ jobs: debug: true debug-artifact-name: my-debug-artifacts debug-database-name: my-db + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -73,6 +74,8 @@ jobs: run: ./build.sh - uses: ./../action/analyze id: analysis + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} download-and-check-artifacts: name: Download and check debug artifacts needs: upload-artifacts diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index 59c36b7dad..336f4f5163 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -32,6 +32,7 @@ jobs: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: output: ${{ runner.temp }}/results diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml index 79910225da..35ea82cf4a 100644 --- a/.github/workflows/python-deps.yml +++ b/.github/workflows/python-deps.yml @@ -46,6 +46,7 @@ jobs: tools: latest languages: python setup-python-dependencies: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Test Auto Package Installation run: | @@ -93,6 +94,7 @@ jobs: tools: latest languages: python setup-python-dependencies: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Test Auto Package Installation run: | @@ -150,6 +152,7 @@ jobs: tools: latest languages: python setup-python-dependencies: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Test Auto Package Installation env: diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 31326de96a..ed28e1dff4 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml 
@@ -34,6 +34,7 @@ jobs: with: tools: latest languages: python + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Analyze uses: ./../action/analyze diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 0ea140261b..0c8ace5c5f 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -43,6 +43,7 @@ jobs: uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -52,5 +53,6 @@ jobs: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml index b681ad6165..1471eb1e3d 100644 --- a/pr-checks/checks/all-platform-bundle.yml +++ b/pr-checks/checks/all-platform-bundle.yml @@ -8,6 +8,7 @@ steps: uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -17,3 +18,4 @@ steps: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index 7bd309ef11..dabed2d286 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml 
@@ -7,6 +7,7 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -15,3 +16,4 @@ steps: upload-database: false ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/autobuild-action.yml b/pr-checks/checks/autobuild-action.yml index aa3cbdcca6..8e2310cee8 100644 --- a/pr-checks/checks/autobuild-action.yml +++ b/pr-checks/checks/autobuild-action.yml @@ -6,7 +6,10 @@ steps: with: languages: csharp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: # Explicitly disable the CLR tracer. COR_ENABLE_PROFILING: "" @@ -18,6 +21,7 @@ steps: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/pr-checks/checks/config-export.yml b/pr-checks/checks/config-export.yml index 7a86701756..2207edb196 100644 --- a/pr-checks/checks/config-export.yml +++ b/pr-checks/checks/config-export.yml @@ -7,10 +7,12 @@ steps: languages: javascript queries: security-extended tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index 118d01ae1c..0c8cfdd846 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml 
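Review bot: In `pr-checks/checks/autobuild-action.yml` the `./../action/autobuild` step now receives `secrets.CODEQL_TOKEN` when that secret is defined, and autobuild is the step that runs the checked-out project's build. Action inputs reach the action process as `INPUT_*` environment variables, and a workflow `permissions:` block limits only `github.token`, not a separately issued secret. A `CODEQL_TOKEN` with wider scopes than the job token may therefore widen what build tooling can reach. Unless autobuild needs the override, consider leaving that step on the default token, or state the constraint next to the input, e.g. `# CODEQL_TOKEN: optional; scopes must not exceed this job's permissions`. The same applies to the other autobuild steps changed in this commit (the `cpp-deptrace-*`, `go-tracing-autobuilder` and `test-autobuild-working-dir` checks).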
+++ b/pr-checks/checks/cpp-deptrace-disabled.yml @@ -13,9 +13,11 @@ steps: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - shell: bash diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index 8a70f82fa5..b9bc595db5 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml @@ -13,9 +13,11 @@ steps: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - shell: bash diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index b3f7b1b733..2b203bb64f 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -13,9 +13,11 @@ steps: with: languages: cpp tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - shell: bash diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index a13580322d..51803ddc51 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml 
@@ -11,6 +11,7 @@ steps: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Add test diagnostics shell: bash env: @@ -31,6 +32,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index f0a8a5d853..78b0e63872 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -9,6 +9,7 @@ steps: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -18,6 +19,7 @@ steps: - uses: ./../action/analyze with: output: "${{ runner.temp }}/results" + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Upload SARIF uses: actions/upload-artifact@v3 with: diff --git a/pr-checks/checks/extractor-ram-threads.yml b/pr-checks/checks/extractor-ram-threads.yml index 996d8b4bde..b71d196ceb 100644 --- a/pr-checks/checks/extractor-ram-threads.yml +++ b/pr-checks/checks/extractor-ram-threads.yml @@ -8,6 +8,7 @@ steps: languages: java ram: 230 threads: 1 + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert Results shell: bash run: | diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 4d15805971..bb11f442cf 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml 
@@ -8,9 +8,11 @@ steps: languages: go config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index 39966b52cd..54a0ef5382 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -13,6 +13,7 @@ steps: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} # Deliberately change Go after the `init` step - uses: actions/setup-go@v5 with: @@ -24,6 +25,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check diagnostic appears in SARIF uses: actions/github-script@v7 env: diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index a7b105788b..427468cf4d 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -13,12 +13,14 @@ steps: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: go build main.go - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index 8a1c757821..4dcc106712 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml 
+++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -11,10 +11,14 @@ steps: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 46d0f07d8c..0d18e7d724 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -9,12 +9,14 @@ steps: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: go build main.go - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index bdcedf0408..02894b2422 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -11,9 +11,11 @@ steps: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml index f0ef501cbe..2a72410573 100644 --- a/pr-checks/checks/init-with-registries.yml +++ b/pr-checks/checks/init-with-registries.yml 
@@ -26,7 +26,7 @@ steps: registries: | - url: "https://ghcr.io/v2/" packages: "*/*" - token: "${{ secrets.GITHUB_TOKEN }}" + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Verify packages installed shell: bash diff --git a/pr-checks/checks/javascript-source-root.yml b/pr-checks/checks/javascript-source-root.yml index 9869f0a425..a8471329e7 100644 --- a/pr-checks/checks/javascript-source-root.yml +++ b/pr-checks/checks/javascript-source-root.yml @@ -13,6 +13,7 @@ steps: languages: javascript source-root: ../new-source-root tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false diff --git a/pr-checks/checks/language-aliases.yml b/pr-checks/checks/language-aliases.yml index c4441923dd..eff6667015 100644 --- a/pr-checks/checks/language-aliases.yml +++ b/pr-checks/checks/language-aliases.yml @@ -7,6 +7,7 @@ steps: with: languages: C#,java-kotlin,swift,typescript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: "Check languages" run: | diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 9ed1e85b8d..d7b1f1c5c3 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -7,6 +7,7 @@ steps: with: db-location: "${{ runner.temp }}/customDbLocation" tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: @@ -20,6 +21,7 @@ steps: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check language autodetect for all languages excluding Swift shell: bash diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 039108cd8a..d83036c23a 100644 
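Review bot: In `pr-checks/checks/init-with-registries.yml` the replaced `token:` line sits directly under the `registries: |` block scalar, and its indentation cannot be recovered from this view, so it should be confirmed which level the new line lands on. If it stays inside the block, the ghcr.io entry authenticates with `CODEQL_TOKEN` when set, which then needs package read access that the job's `permissions:` cannot grant to it. The value has also lost its quotes in text that is later parsed as YAML; `token: "${{ secrets.CODEQL_TOKEN || github.token }}"` keeps the original quoting. If the line moved to the `with:` level instead, the registry entry no longer carries a credential at all. Keeping the registry credential on `github.token` and adding the override as a separate `with:` input would keep the two concerns apart.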
--- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -8,6 +8,7 @@ steps: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -15,6 +16,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index a20c5d44dc..3cb9328bea 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml @@ -8,6 +8,7 @@ steps: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -15,6 +16,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 084a8ad72d..9d9ee1c870 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -7,6 +7,7 @@ steps: config-file: ".github/codeql/codeql-config-packaging.yml" languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -14,6 +15,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif 
diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index ff1e35a366..07a61dddbf 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -8,12 +8,14 @@ steps: languages: javascript packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh - uses: ./../action/analyze with: output: "${{ runner.temp }}/results" + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check results uses: ./../action/.github/actions/check-sarif diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 918c1cd0da..72783d0b34 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml @@ -6,7 +6,10 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh - uses: ./../action/analyze + with: + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/resolve-environment-action.yml b/pr-checks/checks/resolve-environment-action.yml index 5c57647049..a35a872816 100644 --- a/pr-checks/checks/resolve-environment-action.yml +++ b/pr-checks/checks/resolve-environment-action.yml @@ -6,6 +6,7 @@ steps: with: languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' }} tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Resolve environment for Go uses: ./../action/resolve-environment 
diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index 90b41b6fa7..2cdd41b7d8 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml @@ -24,3 +24,4 @@ steps: - uses: ./../action/upload-sarif with: sarif_file: rubocop.sarif + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/ruby.yml b/pr-checks/checks/ruby.yml index a857fd3409..1b4a3c3f60 100644 --- a/pr-checks/checks/ruby.yml +++ b/pr-checks/checks/ruby.yml @@ -7,10 +7,12 @@ steps: with: languages: ruby tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/pr-checks/checks/scaling-reserved-ram.yml b/pr-checks/checks/scaling-reserved-ram.yml index fe2366ed7d..0ac0ae585a 100644 --- a/pr-checks/checks/scaling-reserved-ram.yml +++ b/pr-checks/checks/scaling-reserved-ram.yml @@ -9,6 +9,7 @@ steps: with: db-location: "${{ runner.temp }}/customDbLocation" tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: @@ -22,3 +23,4 @@ steps: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/split-workflow.yml b/pr-checks/checks/split-workflow.yml index c752eca67c..e77dd281d7 100644 --- a/pr-checks/checks/split-workflow.yml +++ b/pr-checks/checks/split-workflow.yml @@ -9,6 +9,7 @@ steps: packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh 
@@ -17,6 +18,7 @@ steps: skip-queries: true output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert No Results shell: bash @@ -29,6 +31,7 @@ steps: with: output: "${{ runner.temp }}/results" upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Assert Results shell: bash run: | diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml index eba3b2220f..c9c1d3a160 100644 --- a/pr-checks/checks/submit-sarif-failure.yml +++ b/pr-checks/checks/submit-sarif-failure.yml @@ -19,6 +19,7 @@ steps: - uses: ./init with: languages: javascript + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Fail # We want this job to pass if the Action correctly uploads the SARIF file for # the failed run. @@ -32,3 +33,4 @@ steps: if: false with: category: "/test-codeql-version:${{ matrix.version }}" + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index a5da41f568..f417955ace 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -10,6 +10,7 @@ steps: with: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} @@ -23,6 +24,7 @@ steps: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/pr-checks/checks/test-autobuild-working-dir.yml b/pr-checks/checks/test-autobuild-working-dir.yml index 56338ee325..dd5569da50 100644 --- a/pr-checks/checks/test-autobuild-working-dir.yml +++ b/pr-checks/checks/test-autobuild-working-dir.yml 
@@ -14,12 +14,15 @@ steps: with: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/autobuild with: working-directory: autobuild-dir + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Check database shell: bash run: | diff --git a/pr-checks/checks/test-local-codeql.yml b/pr-checks/checks/test-local-codeql.yml index 417c717dd2..892e20a46d 100644 --- a/pr-checks/checks/test-local-codeql.yml +++ b/pr-checks/checks/test-local-codeql.yml @@ -13,6 +13,7 @@ steps: uses: ./../action/init with: tools: ./codeql-bundle-linux64.tar.gz + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} @@ -22,3 +23,4 @@ steps: - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/test-proxy.yml b/pr-checks/checks/test-proxy.yml index 33955004e7..b950008db2 100644 --- a/pr-checks/checks/test-proxy.yml +++ b/pr-checks/checks/test-proxy.yml @@ -17,6 +17,8 @@ steps: with: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/analyze with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 2161bfc9dd..51d885dd48 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -7,6 +7,7 @@ steps: with: db-location: ${{ runner.temp }}/customDbLocation tools: ${{ steps.prepare-test.outputs.tools-url }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} 
@@ -19,6 +20,7 @@ steps: id: analysis with: upload-database: false + token: ${{ secrets.CODEQL_TOKEN || github.token }} - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index ffd339b598..e4a64efe0d 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -7,6 +7,7 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash run: ./build.sh @@ -20,3 +21,4 @@ steps: with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + token: ${{ secrets.CODEQL_TOKEN || github.token }} diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 481a624c29..b2a10b5c97 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -23,6 +23,7 @@ steps: # it's enough to test one compiled language and one interpreted language languages: csharp,javascript source-root: x/y/z/some-path/tests/multi-language-repo + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Build code shell: bash @@ -43,6 +44,7 @@ steps: ref: v1.1.0 sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 checkout_path: x/y/z/some-path/tests/multi-language-repo + token: ${{ secrets.CODEQL_TOKEN || github.token }} - name: Verify SARIF after upload shell: bash