From 9f32769e43064e68fb0fa0a4624348a763d870ee Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 15 May 2024 09:44:06 +0100 Subject: [PATCH 01/11] Update docs for `build-mode: autobuild` The `autobuild` Action is no longer needed or recommended. --- init/action.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/init/action.yml b/init/action.yml index 7124bb905b..4cbb012399 100644 --- a/init/action.yml +++ b/init/action.yml @@ -36,10 +36,7 @@ inputs: - `none`: The database will be created without building the source code. Available for all interpreted languages and some compiled languages. - `autobuild`: The database will be created by attempting to automatically build the source - code. - To use this build mode, ensure that your workflow calls the `autobuild` action - between the `init` and `analyze` steps. - Available for all compiled languages. + code. Available for all compiled languages. - `manual`: The database will be created by building the source code using a manually specified build command. To use this build mode, specify manual build steps in your workflow between the `init` and `analyze` steps. Available for all From de1ac31508c6bbe87b7dda97b8eeb62817061fc4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 13:44:51 +0000 Subject: [PATCH 02/11] Update default bundle to codeql-bundle-v2.17.3 --- lib/defaults.json | 8 ++++---- src/defaults.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/defaults.json b/lib/defaults.json index 16629c81f3..a96dc10e56 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.17.2", - "cliVersion": "2.17.2", - "priorBundleVersion": "codeql-bundle-v2.17.1", - "priorCliVersion": "2.17.1" + "bundleVersion": "codeql-bundle-v2.17.3", + "cliVersion": "2.17.3", + "priorBundleVersion": "codeql-bundle-v2.17.2", + "priorCliVersion": "2.17.2" } 
diff --git a/src/defaults.json b/src/defaults.json index 3761429c64..2f4eb0e6de 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.17.2", - "cliVersion": "2.17.2", - "priorBundleVersion": "codeql-bundle-v2.17.1", - "priorCliVersion": "2.17.1" + "bundleVersion": "codeql-bundle-v2.17.3", + "cliVersion": "2.17.3", + "priorBundleVersion": "codeql-bundle-v2.17.2", + "priorCliVersion": "2.17.2" } From e9e27290e9f6fb2125c88320c1c8cfde73daa118 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 13:44:54 +0000 Subject: [PATCH 03/11] Add changelog note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5895de5c22..5c541c2819 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 From 445165beea58796c475f52a6ce8c5b1ecf84177c Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Fri, 17 May 2024 15:08:08 -0700 Subject: [PATCH 04/11] PR Checks: disable tests for Swift on Linux until CLI 2.17.4 --- .../workflows/__multi-language-autodetect.yml | 16 ---------------- .github/workflows/__scaling-reserved-ram.yml | 16 ---------------- .github/workflows/__swift-custom-build.yml | 6 ------ .github/workflows/__unset-environment.yml | 16 ++++++++-------- .github/workflows/debug-artifacts.yml | 2 +- pr-checks/checks/multi-language-autodetect.yml | 3 ++- pr-checks/checks/scaling-reserved-ram.yml | 3 ++- pr-checks/checks/swift-custom-build.yml | 3 ++- pr-checks/checks/unset-environment.yml | 2 +- 9 files changed, 16 insertions(+), 51 deletions(-) 
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 618567e453..139630ad9b 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -28,36 +28,20 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-20230403 - os: macos-12 version: stable-20230403 - - os: ubuntu-latest - version: stable-v2.13.5 - os: macos-12 version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - os: macos-12 version: stable-v2.14.6 - - os: ubuntu-latest - version: stable-v2.15.5 - os: macos-latest version: stable-v2.15.5 - - os: ubuntu-latest - version: stable-v2.16.6 - os: macos-latest version: stable-v2.16.6 - - os: ubuntu-latest - version: default - os: macos-latest version: default - - os: ubuntu-latest - version: latest - os: macos-latest version: latest - - os: ubuntu-latest - version: nightly-latest - os: macos-latest version: nightly-latest name: Multi-language repository diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index 4c4b02f684..ecf944bc42 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml 
@@ -28,36 +28,20 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-20230403 - os: macos-12 version: stable-20230403 - - os: ubuntu-latest - version: stable-v2.13.5 - os: macos-12 version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - os: macos-12 version: stable-v2.14.6 - - os: ubuntu-latest - version: stable-v2.15.5 - os: macos-latest version: stable-v2.15.5 - - os: ubuntu-latest - version: stable-v2.16.6 - os: macos-latest version: stable-v2.16.6 - - os: ubuntu-latest - version: default - os: macos-latest version: default - - os: ubuntu-latest - version: latest - os: macos-latest version: latest - - os: ubuntu-latest - version: nightly-latest - os: macos-latest version: nightly-latest name: Scaling reserved RAM diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 60560f2b50..040728a595 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -28,16 +28,10 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: latest - os: macos-latest version: latest - - os: ubuntu-latest - version: default - os: macos-latest version: default - - os: ubuntu-latest - version: nightly-latest - os: macos-latest version: nightly-latest name: Swift analysis using a custom build command diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 7d2e3a9740..c91238ae7e 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml 
@@ -28,21 +28,21 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest + - os: macos-12 version: stable-20230403 - - os: ubuntu-latest + - os: macos-12 version: stable-v2.13.5 - - os: ubuntu-latest + - os: macos-12 version: stable-v2.14.6 - - os: ubuntu-latest + - os: macos-latest version: stable-v2.15.5 - - os: ubuntu-latest + - os: macos-latest version: stable-v2.16.6 - - os: ubuntu-latest + - os: macos-latest version: default - - os: ubuntu-latest + - os: macos-latest version: latest - - os: ubuntu-latest + - os: macos-latest version: nightly-latest name: Test unsetting environment variables permissions: diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 30e6550f7e..65ee73d7b9 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -37,7 +37,7 @@ jobs: env: CODEQL_ACTION_TEST_MODE: true timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: macos-latest # TODO: Switch back to ubuntu for `nightly-latest` and `latest` once CLI v2.17.4 is available. steps: - name: Check out repository uses: actions/checkout@v4 diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 379938c5a2..89efa2ca5c 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -1,6 +1,7 @@ name: "Multi-language repository" description: "An end-to-end integration test of a multi-language repository using automatic language detection" -operatingSystems: ["ubuntu", "macos"] +# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available. +operatingSystems: ["macos"] steps: - uses: actions/setup-go@v5 with: diff --git a/pr-checks/checks/scaling-reserved-ram.yml b/pr-checks/checks/scaling-reserved-ram.yml index cd8d56746e..acd6c2b24b 100644 --- a/pr-checks/checks/scaling-reserved-ram.yml +++ b/pr-checks/checks/scaling-reserved-ram.yml 
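Review bot: The TODO added above `operatingSystems: ["macos"]` in `pr-checks/checks/multi-language-autodetect.yml` names only `nightly-latest` and `latest`, yet removing `"ubuntu"` drops Linux for every CLI version this check runs. The regenerated matrix in `__multi-language-autodetect.yml` shows the stable and default rows going too. If the check definition cannot limit an OS to particular versions (not visible in this hunk), the comment should say so, so that the wider loss of coverage is a recorded decision. For example: `# TODO: ubuntu is disabled for all versions because the Swift tests on Linux fail with latest/nightly-latest; restore it once CLI v2.17.4 is available.` The same wording applies to the hunks in `scaling-reserved-ram.yml`, `swift-custom-build.yml` and `unset-environment.yml` in this commit.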
@@ -1,6 +1,7 @@ name: "Scaling reserved RAM" description: "An end-to-end integration test of a multi-language repository with the scaling_reserved_ram feature flag enabled" -operatingSystems: ["ubuntu", "macos"] +# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available. +operatingSystems: ["macos"] env: CODEQL_ACTION_SCALING_RESERVED_RAM: true steps: diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index a5da41f568..b66c45e9e6 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -1,7 +1,8 @@ name: "Swift analysis using a custom build command" description: "Tests creation of a Swift database using custom build" versions: ["latest", "default", "nightly-latest"] -operatingSystems: ["ubuntu", "macos"] +# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available. +operatingSystems: ["macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 2161bfc9dd..a31cf2862d 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -1,6 +1,6 @@ name: "Test unsetting environment variables" description: "An end-to-end integration test that unsets some environment variables" -operatingSystems: ["ubuntu"] +operatingSystems: ["macos"] # TODO: Switch back to ubuntu for `nightly-latest` and `latest` once CLI v2.17.4 is available. steps: - uses: ./../action/init id: init From 46fc2c9526e7f482a8a076889b058c00beb583e8 Mon Sep 17 00:00:00 2001 
From: Angela P Wen Date: Fri, 17 May 2024 15:16:54 -0700 Subject: [PATCH 05/11] PR Checks: remove old versions from debug artifacts check Now that this check is running on MacOS, it runs into a known issue with the build tracer on ARM Macs that was fixed in CLI v2.15.1. --- .github/workflows/debug-artifacts.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 65ee73d7b9..4bd88a2e63 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -25,9 +25,9 @@ jobs: fail-fast: false matrix: version: - - stable-20230403 - - stable-v2.13.5 - - stable-v2.14.6 + # TODO: Once CLI v2.17.4 is available and the platform is switched back to ubuntu, + # stable-20230403, stable-v2.13.5, and stable-v2.14.6 can be added back to this matrix. + # Prior to CLI v2.15.1, ARM runners were not supported by the build tracer. - stable-v2.15.5 - stable-v2.16.6 - default From 23c1981a3fb0f315ea6fc76a7a08b3bce8d7a770 Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Fri, 17 May 2024 15:33:30 -0700 Subject: [PATCH 06/11] PR check: add explicit `setup-go` step to unset-env check Go has been removed from the PATH in the most recent Mac runner images rollouts. --- .github/workflows/__unset-environment.yml | 3 +++ pr-checks/checks/unset-environment.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index c91238ae7e..18ba2ac6d3 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -79,6 +79,9 @@ jobs: - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: actions/setup-go@v5 + with: + go-version: '>=1.21.0' - name: Build code shell: bash # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a 
diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index a31cf2862d..0d02833518 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -10,6 +10,9 @@ steps: - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: actions/setup-go@v5 + with: + go-version: '>=1.21.0' - name: Build code shell: bash # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a From b0a1d92ae332dc962a757defd3c6d5c8a245157c Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Fri, 17 May 2024 15:47:35 -0700 Subject: [PATCH 07/11] PR checks: stop running unset-env on two old CLI versions Looks like there was a bug in the oldest two CLI versions, on `macos-12` here. --- .github/workflows/__unset-environment.yml | 8 ++------ pr-checks/checks/unset-environment.yml | 2 ++ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 18ba2ac6d3..024c496d13 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -28,20 +28,16 @@ jobs: fail-fast: false matrix: include: - - os: macos-12 - version: stable-20230403 - - os: macos-12 - version: stable-v2.13.5 - os: macos-12 version: stable-v2.14.6 - os: macos-latest version: stable-v2.15.5 - os: macos-latest version: stable-v2.16.6 - - os: macos-latest - version: default - os: macos-latest version: latest + - os: macos-latest + version: default - os: macos-latest version: nightly-latest name: Test unsetting environment variables diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 0d02833518..445ad99e27 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml 
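Review bot: The new `actions/setup-go@v5` step in `pr-checks/checks/unset-environment.yml` sits after `./../action/init` and `setup-swift`, whereas `multi-language-autodetect.yml` lists `setup-go` as its first step. Installing a toolchain after `init` may change which `go` binary is on PATH once the CodeQL environment is already set up, so confirm the ordering is intended or move the step ahead of `init`. Separately, `go-version: '>=1.21.0'` has no upper bound, so the Go release this check builds with can change between runs without any commit here. A bounded value (for instance `go-version: '1.21.x'`, given only as an example) would keep failures attributable to changes in this repository. The step list continues outside the hunk, and the generated `__unset-environment.yml` would need regenerating to match.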
@@ -1,5 +1,7 @@ name: "Test unsetting environment variables" description: "An end-to-end integration test that unsets some environment variables" +# TODO: Switch back to all versions once CLI v2.17.4 is available and running on ubuntu again. +versions: ["stable-v2.14.6", "stable-v2.15.5", "stable-v2.16.6", "latest", "default", "nightly-latest"] operatingSystems: ["macos"] # TODO: Switch back to ubuntu for `nightly-latest` and `latest` once CLI v2.17.4 is available. steps: - uses: ./../action/init From 7c4668115d8ac89fcadc6fdb357dda44afd6be68 Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Fri, 17 May 2024 16:07:47 -0700 Subject: [PATCH 08/11] Also remove old versions from debug artifacts download step --- .github/workflows/debug-artifacts.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 4bd88a2e63..038a5337e9 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -26,7 +26,8 @@ jobs: matrix: version: # TODO: Once CLI v2.17.4 is available and the platform is switched back to ubuntu, - # stable-20230403, stable-v2.13.5, and stable-v2.14.6 can be added back to this matrix. + # stable-20230403, stable-v2.13.5, and stable-v2.14.6 can be added back to this matrix, + # and the VERSIONS variable in the bash script below. # Prior to CLI v2.15.1, ARM runners were not supported by the build tracer. - stable-v2.15.5 - stable-v2.16.6 @@ -75,7 +76,7 @@ jobs: - name: Check expected artifacts exist shell: bash run: | - VERSIONS="stable-20230403 stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 default latest nightly-latest" + VERSIONS="stable-v2.15.5 stable-v2.16.6 default latest nightly-latest" LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do pushd "./my-debug-artifacts-${version//./}" From 00792ab1e0a5e45d2ff0c2426424bf7044bb27d0 Mon Sep 17 00:00:00 2001 
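Review bot: The added `versions:` list in `pr-checks/checks/unset-environment.yml` leaves out `stable-20230403` and `stable-v2.13.5`, but the TODO above it only says to switch back to all versions and does not record which ones are missing or why. The commit message attributes this to a suspected bug in the two oldest CLI versions on `macos-12`, which a reader of the check file will not see. Suggest extending the comment, e.g. `# TODO: stable-20230403 and stable-v2.13.5 are excluded because they fail on macos-12 (cause not confirmed); restore all versions once CLI v2.17.4 is available and this check runs on ubuntu again.`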
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 13:52:44 +0000 Subject: [PATCH 09/11] Update changelog for v3.25.6 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c541c2819..ec2fc4786a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. -## [UNRELEASED] +## 3.25.6 - 20 May 2024 - Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295) From b2dad927244ce18171cbd25fe848e2e82237f9c1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 14:27:31 +0000 Subject: [PATCH 10/11] Update changelog and version after v3.25.6 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec2fc4786a..b38cfd7d14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. +## [UNRELEASED] + +No user facing changes. + ## 3.25.6 - 20 May 2024 - Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295) diff --git a/package-lock.json b/package-lock.json index b581b6c988..24f2b92530 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.25.6", + "version": "3.25.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.25.6", + "version": "3.25.7", "license": "MIT", "dependencies": { "@actions/artifact": "^1.1.2", diff --git a/package.json b/package.json index c08ac64bae..40cb026a4e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.25.6", + "version": "3.25.7", "private": true, "description": "CodeQL action", "scripts": { From 00daf24ffe3cbfb7621d5835fbc71fb1bb51bc92 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 14:48:50 +0000 Subject: [PATCH 11/11] Update checked-in dependencies --- node_modules/.package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 83ff4a7f3c..d0b5b68a3c 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json 
@@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.25.6", + "version": "3.25.7", "lockfileVersion": 3, "requires": true, "packages": {