Merge main into v1

.github/workflows/pr-checks.yml

@@ -1,4 +1,4 @@
-name: "PR checks"
+name: PR checks
 
 env:
   GO111MODULE: auto
@@ -14,6 +14,7 @@ on:
 
 jobs:
   lint-js:
+    name: Lint
     runs-on: ubuntu-latest
 
     steps:
@@ -26,10 +27,11 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
-    - name: Check generated JavaScript
+    - name: Check generated JS
       run: .github/workflows/script/check-js.sh
 
   check-node-modules:
+    name: Check modules up to date
     runs-on: macos-latest
 
     steps:
@@ -38,6 +40,7 @@ jobs:
       run: .github/workflows/script/check-node-modules.sh
 
   npm-test:
+    name: Unit Test
     needs: [check-js, check-node-modules]
     strategy:
       matrix:
@@ -50,6 +53,7 @@ jobs:
       run: npm run-script test
 
   multi-language-repo_test-autodetect-languages:
+    name: Autodetect language (multi)
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -107,6 +111,7 @@ jobs:
   # Packaging test that runs against a javascript database
   # Specifying packs in the config file.
   test-packaging-javascript-config:
+    name: Packaging Config JS
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -123,6 +128,8 @@ jobs:
       with:
         config-file: ".github/codeql/codeql-config-packaging.yml"
         languages: javascript
+        # This version is known to worl with 0.1.0
+        tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -148,6 +155,7 @@ jobs:
   # Packaging test that runs against a javascript database
   # Specifying packs as an input.
   test-packaging-javascript-inputs:
+    name: Packaging Inputs JS
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -164,7 +172,9 @@ jobs:
       with:
         config-file: ".github/codeql/codeql-config-packaging2.yml"
         languages: javascript
-        packs: dsp-testing/codeql-pack1@0.0.4, dsp-testing/codeql-pack2
+        packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2
+        # This version is known to worl with 0.1.0
+        tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
 
     - name: Build code
       shell: bash
@@ -191,6 +201,7 @@ jobs:
   # Packaging test that runs against a javascript database
   # Specifying packs in the config file and inputs.
   test-packaging-javascript-config-and-inputs:
+    name: Packaging Inputs and Config JS
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -206,8 +217,10 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: ".github/codeql/codeql-config-packaging3.yml"
-        packs: +dsp-testing/codeql-pack1@0.0.4
+        packs: +dsp-testing/codeql-pack1@0.1.0
         languages: javascript
+        # This version is known to worl with 0.1.0
+        tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
 
     - name: Build code
       shell: bash
@@ -233,6 +246,7 @@ jobs:
 
   # Tests a split workflow where database construction and query execution happen in different steps
   test-split-workflow:
+    name: Split workflow
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -248,9 +262,10 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: ".github/codeql/codeql-config-packaging3.yml"
-        packs: +dsp-testing/codeql-pack1@0.0.4
+        packs: +dsp-testing/codeql-pack1@0.1.0
         languages: javascript
-        tools: latest
+        # This version is known to worl with 0.1.0
+        tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -287,12 +302,16 @@ jobs:
 
   # Identify the CodeQL tool versions to integration test against.
   check-codeql-versions:
+    name: Check CodeQL Versions
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
     outputs:
       versions: ${{ steps.compare.outputs.versions }}
       nightly-url: ${{ steps.get-url.outputs.nightly-url }}
-
+    env:
+      # URL of the oldest release that we support, if this is being bumped then the constant
+      # CODEQL_MINIMUM_VERSION in the file codeql.ts should also be bumped to match this.
+      OLDEST_URL: https://github.com/github/codeql-action/releases/download/codeql-bundle-20201028/codeql-bundle.tar.gz
     steps:
     - uses: actions/checkout@v2
     - name: Move codeql-action
@@ -336,38 +355,52 @@ jobs:
       with:
         tools: ${{ steps.get-url.outputs.nightly-url }}
         languages: javascript
+    - name: Remove empty database
+      # allows us to run init a fourth time
+      run: |
+        rm -rf "$RUNNER_TEMP/codeql_databases"
+    - name: Init with a CodeQL bundle from the oldest supported release
+      id: init-oldest
+      uses: ./../action/init
+      with:
+        tools: ${{ env.OLDEST_URL }}
+        languages: javascript
     - name: Compare CodeQL bundle versions
       id: compare
       env:
         CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
         CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
         CODEQL_NIGHTLY: ${{ steps.init-nightly.outputs.codeql-path }}
+        CODEQL_OLDEST: ${{ steps.init-oldest.outputs.codeql-path }}
         NIGHTLY_URL: ${{ steps.get-url.outputs.nightly-url }}
       run: |
         CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
         CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
         CODEQL_VERSION_NIGHTLY="$("$CODEQL_NIGHTLY" version --format terse)"
+        CODEQL_VERSION_OLDEST="$("$CODEQL_OLDEST" version --format terse)"
         echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
         echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
         echo "Nightly CodeQL bundle version is $CODEQL_VERSION_NIGHTLY"
+        echo "Oldest supported CodeQL bundle version is $CODEQL_VERSION_OLDEST"
 
-        # If we're running on a pull request, run each integration test with all three bundles, even
+        # If we're running on a pull request, run each integration test with all four bundles, even
         # if `tools: latest` would be the same as `tools: null`. This allows us to make the
-        # integration test job for each of the three bundles a required status check.
+        # integration test job for each of the four bundles a required status check.
         #
         # If we're running on push, then we can skip running with `tools: latest` when it would be
         # the same as running with `tools: null`.
         if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
-          VERSIONS_JSON="[null, \"$NIGHTLY_URL\"]"
+          VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"$OLDEST_URL\"]"
         else
-          VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"latest\"]"
+          VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"$OLDEST_URL\", \"latest\"]"
         fi
 
         # Output a JSON-encoded list with the distinct versions to test against.
         echo "Suggested matrix config for integration tests: $VERSIONS_JSON"
         echo "::set-output name=versions::${VERSIONS_JSON}"
 
   multi-language-repo_test-custom-queries-and-remote-config:
+    name: Remote Config Custom Queries multi-language repo
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -399,6 +432,7 @@ jobs:
 
   # Currently is not possible to analyze Go in conjunction with other languages in macos
   multi-language-repo_test-go-custom-queries:
+    name: Go custom queries multi-language repo
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -433,6 +467,7 @@ jobs:
         TEST_MODE: true
 
   go-custom-tracing:
+    name: Go custom tracing
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -468,6 +503,7 @@ jobs:
         TEST_MODE: true
 
   go-custom-tracing-autobuild:
+    name: Go autobuild custom tracing
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -505,6 +541,7 @@ jobs:
 
   # Ruby is in beta, so test it separately for now.
   multi-language-repo_test-ruby:
+    name: Ruby multi-language
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -545,6 +582,7 @@ jobs:
         fi
 
   multi-language-repo_rubocop:
+    name: Rubocop multi-language
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -578,6 +616,7 @@ jobs:
         TEST_MODE: true
 
   test-proxy:
+    name: Proxy
     needs: [check-js, check-node-modules, check-codeql-versions]
     strategy:
       fail-fast: false
@@ -612,6 +651,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-javascript-ubuntu:
+    name: Runner ubuntu JS analyze
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -639,6 +679,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-javascript-windows:
+    name: Runner windows JS analyze
     needs: [check-js, check-node-modules]
     runs-on: windows-latest
 
@@ -662,6 +703,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-javascript-macos:
+    name: Runner macos JS analyze
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
 
@@ -685,6 +727,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-csharp-ubuntu:
+    name: Runner ubuntu C# analyze
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -721,6 +764,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-csharp-windows:
+    name: Runner windows C# analyze
     needs: [check-js, check-node-modules]
     runs-on: windows-latest
 
@@ -760,6 +804,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-csharp-macos:
+    name: Runner macos C# analyze
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
 
@@ -798,6 +843,7 @@ jobs:
 
 
   runner-analyze-csharp-autobuild-ubuntu:
+    name: Runner ubuntu autobuild C# analyze
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -833,6 +879,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-csharp-autobuild-windows:
+    name: Runner windows autobuild C# analyze
     needs: [check-js, check-node-modules]
     runs-on: windows-latest
 
@@ -869,6 +916,7 @@ jobs:
         TEST_MODE: true
 
   runner-analyze-csharp-autobuild-macos:
+    name: Runner macos autobuild C# analyze
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
 
@@ -905,6 +953,7 @@ jobs:
         TEST_MODE: true
 
   runner-upload-sarif:
+    name: Runner upload sarif
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -926,6 +975,7 @@ jobs:
         runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
 
   multi-language-repo_test-local-codeql:
+    name: Local codeql multi-language repo
     needs: [check-js, check-node-modules, check-codeql-versions]
     runs-on: ubuntu-latest
 
@@ -946,6 +996,7 @@ jobs:
     - uses: ./../action/analyze
 
   test-javascript-source-root:
+    name: JS source root
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 

CHANGELOG.md

@@ -1,5 +1,11 @@
 # CodeQL Action and CodeQL Runner Changelog
 
+## 1.0.13 - 06 Sep 2021
+
+- Update default CodeQL bundle version to 2.6.0. [#712](https://github.com/github/codeql-action/pull/712)
+- Update baseline lines of code counter for python. All multi-line strings are counted as code. [#714](https://github.com/github/codeql-action/pull/714)
+- Remove old baseline LoC injection [#715](https://github.com/github/codeql-action/pull/715)
+
 ## 1.0.12 - 16 Aug 2021
 
 - Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)

README.md

@@ -74,8 +74,8 @@ jobs:
       #    project uses a compiled language
 
       #- run: |
-      #   make bootstrap
-      #   make release
+      #     make bootstrap
+      #     make release
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v1
@@ -91,8 +91,8 @@ If you prefer to integrate this within an existing CI workflow, it should end up
 
 # Here is where you build your code
 - run: |
-  make bootstrap
-  make release
+    make bootstrap
+    make release
 
 - name: Perform CodeQL Analysis
   uses: github/codeql-action/analyze@v1