Merge main into v1

.github/update-release-branch.py

@@ -93,7 +93,9 @@ def open_pr(repo, all_commits, short_main_sha, branch_name):
   title = 'Merge ' + MAIN_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
 
   # Create the pull request
-  pr = repo.create_pull(title=title, body='\n'.join(body), head=branch_name, base=LATEST_RELEASE_BRANCH)
+  # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
+  # a maintainer can take the PR out of draft, thereby triggering the PR checks.
+  pr = repo.create_pull(title=title, body='\n'.join(body), head=branch_name, base=LATEST_RELEASE_BRANCH, draft=True)
   print('Created PR #' + str(pr.number))
 
   # Assign the conductor

.github/workflows/check-expected-release-files.yml

@@ -5,6 +5,9 @@ on:
     paths:
       - .github/workflows/check-expected-release-files.yml
       - src/defaults.json
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
 
 jobs:
   check-expected-release-files:

.github/workflows/codeql.yml

@@ -5,6 +5,9 @@ on:
     branches: [main, v1]
   pull_request:
     branches: [main, v1]
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
 
 jobs:
   # Identify the CodeQL tool versions to use in the analysis job.

.github/workflows/post-release-mergeback.yml

@@ -106,19 +106,14 @@ jobs:
           git commit -m "Update changelog and version after $VERSION"
           npm version patch
 
-          # when running this workflow on a PR, this is just a test.
-          # so put into draft mode.
-          if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
-            DRAFT="--draft"
-          else
-            DRAFT=""
-          fi
-
           git push origin "$NEW_BRANCH"
+
+          # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
+          # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
           gh pr create \
             --head "$NEW_BRANCH" \
             --base "$BASE_BRANCH" \
             --title "$PR_TITLE" \
             --label "Update dependencies" \
             --body "$PR_BODY" \
-            ${DRAFT:+"$DRAFT"} # no quotes around $DRAFT. gh will error out if there is an empty ""
+            --draft

.github/workflows/pr-checks.yml

@@ -7,6 +7,9 @@ on:
   push:
     branches: [main, v1]
   pull_request:
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
   workflow_dispatch:
 
 jobs:
@@ -494,6 +497,47 @@ jobs:
           exit 1
         fi
 
+  # Ruby is in beta, so test it separately for now.
+  multi-language-repo_test-ruby:
+    needs: [check-js, check-node-modules, check-codeql-versions]
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        tools:
+          - latest
+          # TODO: Uncomment when nightly builds also support Ruby in beta.
+          # - ${{ needs.check-codeql-versions.outputs.nightly-url }}
+    runs-on: ${{ matrix.os }}
+    env:
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES: true
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+        mv ../action/.github/workflows .github
+    - uses: ./../action/init
+      with:
+        languages: ruby
+        tools: ${{ matrix.tools }}
+    - uses: ./../action/analyze
+      id: analysis
+      env:
+        TEST_MODE: true
+    - name: Check database
+      shell: bash
+      run: |
+        RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
+        if [[ ! -d "$RUBY_DB" ]]; then
+          echo "Did not create a database for Ruby."
+          exit 1
+        fi
+
   multi-language-repo_rubocop:
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest

.github/workflows/python-deps.yml

@@ -4,6 +4,9 @@ on:
   push:
     branches: [main, v1]
   pull_request:
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
 
 jobs:
   test-setup-python-scripts:

.github/workflows/update-dependencies.yml

@@ -1,7 +1,7 @@
 name: Update dependencies
 on:
   pull_request_target:
-    types: [opened, synchronize, reopened, labeled]
+    types: [opened, synchronize, reopened, ready_for_review, labeled]
 
 jobs:
   update:

.github/workflows/update-release-branch.yml

@@ -27,7 +27,7 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install PyGithub==1.51 requests
+        pip install PyGithub==1.55 requests
 
     - name: Update git config
       run: |

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CodeQL Action and CodeQL Runner Changelog
 
+## 1.0.11 - 09 Aug 2021
+
+- Update default CodeQL bundle version to 2.5.9. [#687](https://github.com/github/codeql-action/pull/687)
+
 ## 1.0.10 - 03 Aug 2021
 
 - Fix an issue where a summary of diagnostics information from CodeQL was not output to the logs of the `analyze` step of the Action. [#672](https://github.com/github/codeql-action/pull/672)

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20210726"
+    "bundleVersion": "codeql-bundle-20210809"
 }