Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge releases/v3 into releases/v2 #2446

Merged
merged 11 commits into from
Aug 23, 2024
Merged

Merge releases/v3 into releases/v2 #2446

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
b15a247
Update changelog and version after v3.26.4
github-actions[bot] Aug 21, 2024
6f10eb0
Update checked-in dependencies
github-actions[bot] Aug 21, 2024
fd5fa13
Merge pull request #2438 from github/mergeback/v3.26.4-to-main-f0f3afee
angelapwen Aug 21, 2024
7e27807
Only run check SIP enablement once in `init` step (#2441)
angelapwen Aug 23, 2024
68cd1f9
Update changelog for v3.26.5
github-actions[bot] Aug 23, 2024
2c779ab
Merge main into releases/v3 (#2444)
angelapwen Aug 23, 2024
025a994
Revert "Update version and changelog for v2.26.4"
github-actions[bot] Aug 23, 2024
4ad2714
Revert "Update checked-in dependencies"
github-actions[bot] Aug 23, 2024
751600b
Merge remote-tracking branch 'origin/releases/v3' into backport-v2.26…
github-actions[bot] Aug 23, 2024
df56d39
Update version and changelog for v2.26.5
github-actions[bot] Aug 23, 2024
3c0d130
Update checked-in dependencies
github-actions[bot] Aug 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

## 2.26.5 - 23 Aug 2024

- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)

## 2.26.4 - 21 Aug 2024

- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
Expand Down
5 changes: 5 additions & 0 deletions lib/environment.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/environment.js.map
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/init-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/init-action.js.map
View file
Open in desktop

Large diffs are not rendered by default.

18 changes: 13 additions & 5 deletions lib/util.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/util.js.map
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion node_modules/.package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.26.4",
"version": "2.26.5",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down
6 changes: 6 additions & 0 deletions src/environment.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,12 @@ export enum EnvVar {
/** Whether the init action has been run. */
INIT_ACTION_HAS_RUN = "CODEQL_ACTION_INIT_HAS_RUN",

/**
* For MacOS. Result of `csrutil status` to determine whether System Integrity
* Protection is enabled.
*/
IS_SIP_ENABLED = "CODEQL_ACTION_IS_SIP_ENABLED",

/** UUID representing the current job run. */
JOB_RUN_UUID = "JOB_RUN_UUID",

Expand Down
4 changes: 2 additions & 2 deletions src/init-action.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ import {
checkDiskUsage,
checkForTimeout,
checkGitHubVersionInRange,
checkSipEnablement,
codeQlVersionAtLeast,
DEFAULT_DEBUG_ARTIFACT_NAME,
DEFAULT_DEBUG_DATABASE_NAME,
Expand All @@ -56,7 +57,6 @@ import {
getThreadsFlagValue,
initializeEnvironment,
isHostedRunner,
isSipEnabled,
ConfigurationError,
wrapError,
checkActionVersion,
Expand Down Expand Up @@ -555,7 +555,7 @@ async function run() {
!(await codeQlVersionAtLeast(codeql, "2.15.1")) &&
process.platform === "darwin" &&
(process.arch === "arm" || process.arch === "arm64") &&
!(await isSipEnabled(logger))
!(await checkSipEnablement(logger))
) {
logger.warning(
"CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.",
Expand Down
19 changes: 15 additions & 4 deletions src/util.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1021,7 +1021,7 @@ export async function checkDiskUsage(
if (
process.platform === "darwin" &&
(process.arch === "arm" || process.arch === "arm64") &&
!(await isSipEnabled(logger))
!(await checkSipEnablement(logger))
) {
return undefined;
}
Expand Down Expand Up @@ -1113,11 +1113,20 @@ export function cloneObject<T>(obj: T): T {
return JSON.parse(JSON.stringify(obj)) as T;
}

// For MacOS runners: runs `csrutil status` to determine whether System
// Integrity Protection is enabled.
export async function isSipEnabled(
// The first time this function is called, it runs `csrutil status` to determine
// whether System Integrity Protection is enabled; and saves the result in an
// environment variable. Afterwards, simply return the value of the environment
// variable.
export async function checkSipEnablement(
logger: Logger,
): Promise<boolean | undefined> {
if (
process.env[EnvVar.IS_SIP_ENABLED] !== undefined &&
["true", "false"].includes(process.env[EnvVar.IS_SIP_ENABLED])
) {
return process.env[EnvVar.IS_SIP_ENABLED] === "true";
}

try {
const sipStatusOutput = await exec.getExecOutput("csrutil status");
if (sipStatusOutput.exitCode === 0) {
Expand All @@ -1126,13 +1135,15 @@ export async function isSipEnabled(
"System Integrity Protection status: enabled.",
)
) {
core.exportVariable(EnvVar.IS_SIP_ENABLED, "true");
return true;
}
if (
sipStatusOutput.stdout.includes(
"System Integrity Protection status: disabled.",
)
) {
core.exportVariable(EnvVar.IS_SIP_ENABLED, "false");
return false;
}
}
Expand Down
Loading