Skip to content

Commit

Permalink
Merge branch 'main' into rvermeulen/update-release-branch-authz
Browse files Browse the repository at this point in the history
  • Loading branch information
rvermeulen authored Sep 10, 2024
2 parents 0f99b63 + 8fd294e commit f824adb
Show file tree
Hide file tree
Showing 633 changed files with 9,119 additions and 3,923 deletions.
14 changes: 10 additions & 4 deletions .github/actions/prepare-test/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,20 @@ runs:
run: |
set -e # Fail this Action if `gh release list` fails.
if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
extension="tar.zst"
else
extension="tar.gz"
fi
if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
artifact_name="codeql-bundle.tar.gz"
artifact_name="codeql-bundle.$extension"
elif [[ "$RUNNER_OS" == "Linux" ]]; then
artifact_name="codeql-bundle-linux64.tar.gz"
artifact_name="codeql-bundle-linux64.$extension"
elif [[ "$RUNNER_OS" == "macOS" ]]; then
artifact_name="codeql-bundle-osx64.tar.gz"
artifact_name="codeql-bundle-osx64.$extension"
elif [[ "$RUNNER_OS" == "Windows" ]]; then
artifact_name="codeql-bundle-win64.tar.gz"
artifact_name="codeql-bundle-win64.$extension"
else
echo "::error::Unrecognized OS $RUNNER_OS"
exit 1
Expand Down
8 changes: 4 additions & 4 deletions .github/actions/setup-swift/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,15 @@ runs:
id: get_swift_version
if: runner.os == 'Linux'
shell: bash
env:
env:
CODEQL_PATH: ${{ inputs.codeql-path }}
run: |
SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
if [ $SWIFT_EXTRACTOR_DIR = "null" ]; then
VERSION="null"
else
VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/linux64/extractor" --version | awk '/version/ { print $3 }')"
# Specify 5.x.0, otherwise setup Action will default to latest minor version.
# Specify 5.x.0, otherwise setup Action will default to latest minor version.
if [ $VERSION = "5.7" ]; then
VERSION="5.7.0"
elif [ $VERSION = "5.8" ]; then
Expand All @@ -29,11 +29,11 @@ runs:
# setup-swift does not yet support v5.9.1 Remove this when it does.
elif [ $VERSION = "5.9.1" ]; then
VERSION="5.9.0"
fi
fi
fi
echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
- uses: redsun82/setup-swift@b2b6f77ab14f6a9b136b520dc53ec8eca27d2b99 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
- uses: redsun82/setup-swift@362f49f31da2f5f4f851657046bdd1290d03edc8 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
with:
swift-version: "${{ steps.get_swift_version.outputs.version }}"
2 changes: 1 addition & 1 deletion .github/workflows/__go-tracing-autobuilder.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/__go-tracing-custom-build-steps.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/__go-tracing-legacy-workflow.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

84 changes: 84 additions & 0 deletions .github/workflows/__job-run-uuid-sarif.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__submit-sarif-failure.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/__test-local-codeql.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions .github/workflows/script/update-required-checks.sh
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,7 @@ fi
echo "Getting checks for $GITHUB_SHA"

# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
# Also ignore the non-matrixed "Unit Tests" job that only runs on pushes to protected branches.
CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or . == "Unit Tests" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"

echo "$CHECKS" | jq

Expand Down
29 changes: 29 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,35 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

## [UNRELEASED]

No user facing changes.

## 3.26.6 - 29 Aug 2024

- Update default CodeQL bundle version to 2.18.3. [#2449](https://github.com/github/codeql-action/pull/2449)

## 3.26.5 - 23 Aug 2024

- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)

## 3.26.4 - 21 Aug 2024

- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)

## 3.26.3 - 19 Aug 2024

- Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. [#2430](https://github.com/github/codeql-action/pull/2430)

## 3.26.2 - 14 Aug 2024

- Update default CodeQL bundle version to 2.18.2. [#2417](https://github.com/github/codeql-action/pull/2417)

## 3.26.1 - 13 Aug 2024

No user facing changes.

## 3.26.0 - 06 Aug 2024

- _Deprecation:_ Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. [#2403](https://github.com/github/codeql-action/pull/2403)
- Bump the minimum CodeQL bundle version to 2.13.5. [#2408](https://github.com/github/codeql-action/pull/2408)

Expand Down
20 changes: 10 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,19 +33,19 @@ To provide the best experience to customers using older versions of GitHub Enter

For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."

## Supported versions of the CodeQL CLI and GitHub Enterprise Server
## Supported versions of the CodeQL Bundle on GitHub Enterprise Server

We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.
We typically release new minor versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and Bundle releases that shipped with it are deprecated as well.

| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
|---------|----------|--------------|
| `v3` | default (do not pass a `tools` input) | github.com |
| `v3.24.11` | `v2.16.6` | Enterprise Server 3.13 |
| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
| Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
|-----------------------|-------------------------------|--------------------|-------|
| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
| `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | Supports CodeQL Action v3, but did not ship with CodeQL Action v3. For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311)." |
| `v2.20.3` | `2.13.5` | Enterprise Server 3.10 | Does not support CodeQL Action v3. |

CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.
CodeQL Action v2 will stop receiving updates when GHES 3.11 is deprecated.

See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).

Expand Down
7 changes: 6 additions & 1 deletion analyze/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ inputs:
# If changing this, make sure to update workflow.ts accordingly.
default: "always"
cleanup-level:
description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --cache-cleanup flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
required: false
default: "brutal"
ram:
Expand All @@ -34,6 +34,11 @@ inputs:
description: Specify whether or not to add code snippets to the output sarif file.
required: false
default: "false"
deprecationMessage: >-
The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
a no operation. No alternative is available.
skip-queries:
description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
required: false
Expand Down
2 changes: 1 addition & 1 deletion lib/analyze-action.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit f824adb

Please sign in to comment.