diff --git a/.github/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml similarity index 100% rename from .github/check-codescanning-config/action.yml rename to .github/actions/check-codescanning-config/action.yml diff --git a/.github/check-codescanning-config/index.ts b/.github/actions/check-codescanning-config/index.ts similarity index 100% rename from .github/check-codescanning-config/index.ts rename to .github/actions/check-codescanning-config/index.ts diff --git a/.github/check-sarif/action.yml b/.github/actions/check-sarif/action.yml similarity index 100% rename from .github/check-sarif/action.yml rename to .github/actions/check-sarif/action.yml diff --git a/.github/check-sarif/index.js b/.github/actions/check-sarif/index.js similarity index 100% rename from .github/check-sarif/index.js rename to .github/actions/check-sarif/index.js diff --git a/.github/prepare-test/action.yml b/.github/actions/prepare-test/action.yml similarity index 100% rename from .github/prepare-test/action.yml rename to .github/actions/prepare-test/action.yml diff --git a/.github/query-filter-test/action.yml b/.github/actions/query-filter-test/action.yml similarity index 96% rename from .github/query-filter-test/action.yml rename to .github/actions/query-filter-test/action.yml index 1cb9e2c8cd..6a2036382f 100644 --- a/.github/query-filter-test/action.yml +++ b/.github/actions/query-filter-test/action.yml @@ -44,7 +44,7 @@ runs: env: CODEQL_ACTION_TEST_MODE: "true" - name: Check SARIF - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ inputs.sarif-file }} queries-run: ${{ inputs.queries-run}} diff --git a/.github/setup-swift/action.yml b/.github/actions/setup-swift/action.yml similarity index 100% rename from .github/setup-swift/action.yml rename to .github/actions/setup-swift/action.yml 
diff --git a/.github/actions/update-bundle/action.yml b/.github/actions/update-bundle/action.yml new file mode 100644 index 0000000000..0216d2465b --- /dev/null +++ b/.github/actions/update-bundle/action.yml @@ -0,0 +1,14 @@ +name: Update default CodeQL bundle +description: Updates 'src/defaults.json' to point to a new CodeQL bundle release. + +runs: + using: composite + steps: + - name: Install ts-node + shell: bash + run: npm install -g ts-node + + - name: Run update script + working-directory: ${{ github.action_path }} + shell: bash + run: ts-node ./index.ts diff --git a/.github/actions/update-bundle/index.ts b/.github/actions/update-bundle/index.ts new file mode 100644 index 0000000000..a8bd13e27a --- /dev/null +++ b/.github/actions/update-bundle/index.ts 
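Review bot: The `Install ts-node` step runs `npm install -g ts-node` with no version, so every run executes whatever ts-node release is current on the registry. The calling workflow added in this commit (`update-bundle.yml`) then commits and pushes from the same job, which makes an unpinned toolchain a supply-chain exposure as well as a reproducibility problem. Pinning it, e.g. `run: npm install -g ts-node@<pinned-version>`, would fix both. A comment above `Run update script`, such as `# Rewrites src/defaults.json relative to github.action_path; callers must rebuild lib/ afterwards`, would also document the contract for other callers.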
@@ -0,0 +1,69 @@ +import * as fs from 'fs'; +import * as github from '@actions/github'; + +interface BundleInfo { + bundleVersion: string; + cliVersion: string; +} + +interface Defaults { + bundleVersion: string; + cliVersion: string; + priorBundleVersion: string; + priorCliVersion: string; +} + +const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-'; + +function getCodeQLCliVersionForRelease(release): string { + // We do not currently tag CodeQL bundles based on the CLI version they contain. + // Instead, we use a marker file `cli-version-.txt` to record the CLI version. + // This marker file is uploaded as a release asset for all new CodeQL bundles. + const cliVersionsFromMarkerFiles = release.assets + .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1]) + .filter((v) => v) + .map((v) => v as string); + if (cliVersionsFromMarkerFiles.length > 1) { + throw new Error( + `Release ${release.tag_name} has multiple CLI version marker files.` + ); + } else if (cliVersionsFromMarkerFiles.length === 0) { + throw new Error( + `Failed to find the CodeQL CLI version for release ${release.tag_name}.` + ); + } + return cliVersionsFromMarkerFiles[0]; + } + + async function getBundleInfoFromRelease(release): Promise { + return { + bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length), + cliVersion: getCodeQLCliVersionForRelease(release) + }; + } + + async function getNewDefaults(currentDefaults: Defaults): Promise { + const release = github.context.payload.release; + console.log('Updating default bundle as a result of the following release: ' + + `${JSON.stringify(release)}.`) + + const bundleInfo = await getBundleInfoFromRelease(release); + return { + bundleVersion: bundleInfo.bundleVersion, + cliVersion: bundleInfo.cliVersion, + priorBundleVersion: currentDefaults.bundleVersion, + priorCliVersion: currentDefaults.cliVersion + }; + } + + async function main() { + const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 
'utf8')); + const newDefaults = await getNewDefaults(previousDefaults); + // Update the source file in the repository. Calling workflows should subsequently rebuild + // the Action to update `lib/defaults.json`. + fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n"); + } + + // Ideally, we'd await main() here, but that doesn't work well with `ts-node`. + // So instead we rely on the fact that Node won't exit until the event loop is empty. + main(); diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1ae2c35984..020dca75c8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,6 +16,6 @@ updates: schedule: interval: weekly - package-ecosystem: github-actions - directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included. + directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included. schedule: interval: weekly diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index cff1b5307f..a5ab171d23 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index f99a4dc59f..a8293b4999 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init 
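Review bot: `getBundleInfoFromRelease` strips `CODEQL_BUNDLE_PREFIX` from the tag, so `main` would write a `bundleVersion` such as `20230403`, whereas the `src/defaults.json` values in this same commit keep the prefix (`codeql-bundle-20230403`). If consumers expect the full tag, as those values suggest, the field should be `bundleVersion: release.tag_name,`. Separately, `release` is untyped, and the marker regex `/cli-version-(.*)\.txt/` is unanchored and captures arbitrary text from an asset name. That captured value is written to `defaults.json` and reused in the PR title and changelog, so assuming CLI versions always look like `2.12.6`, a stricter pattern such as `/^cli-version-(\d+\.\d+\.\d+)\.txt$/` would reject unexpected input early.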
diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index c62cff45c6..c80b2ee7de 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index eac8e6494b..5d81f5c07d 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index e3bde8456e..f1d2cb3528 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init @@ -49,7 +49,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} env: CODEQL_FILE_BASELINE_INFORMATION: true - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} - name: Build code diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index b700b7644c..2582a517d9 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml 
@@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 3093f38aa2..9a7b937795 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 3110cad8ee..c43aae324c 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index b9f4933ddb..6ad73ad4a9 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 05f98e4a18..2ce8d92979 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml 
@@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 5a70e1166e..b8d87e7bf1 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Init with registries diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index 01002fd247..44ced0a432 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Move codeql-action diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 1009afc306..db52beb454 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go @@ -85,7 +85,7 @@ jobs: retention-days: 7 - name: Check sarif - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif # Running on Windows requires CodeQL CLI 2.9.0+. if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')" with: 
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 560dafcf27..6a150b10a8 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go @@ -71,7 +71,7 @@ jobs: db-location: ${{ runner.temp }}/customDbLocation tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 7a86504374..6cb8c49831 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init @@ -69,7 +69,7 @@ jobs: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 5fde2b92ca..e8426cffc4 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml 
@@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init @@ -69,7 +69,7 @@ jobs: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 04b330fea1..759f12cf95 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init @@ -68,7 +68,7 @@ jobs: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 13887ba5d7..6d5763b685 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init 
@@ -68,7 +68,7 @@ jobs: output: ${{ runner.temp }}/results - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 69e49c4395..8b1440eedb 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index a706b73751..96156ab74f 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Ruby diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index cb1b505d5d..a9e68ea511 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 7d3a2650e1..3492061d66 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml 
@@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 3d16460aa0..b3fb9ad123 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: actions/checkout@v3 diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index d10246db14..c04bc75c78 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init @@ -53,7 +53,7 @@ jobs: with: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} - name: Check working directory diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index b0baa3b3f5..c151b4fabd 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Test setup 
diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index f5c5ff669f..cb78865496 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Fetch a CodeQL bundle diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index 9895f01843..a5e24847df 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: ./../action/init diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 44c8e48562..7d863eebcf 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index d235743d7f..d7a6599e25 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 7ffc2ec457..e7067ae1d7 100644 --- a/.github/workflows/__with-checkout-path.yml 
+++ b/.github/workflows/__with-checkout-path.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Set up Go diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 272dc3a672..fe1d3f8989 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -47,12 +47,12 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - name: Empty file - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: "{}" languages: javascript @@ -60,7 +60,7 @@ jobs: - name: Packs from input if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -72,7 +72,7 @@ jobs: - name: Packs from input with + if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -84,7 +84,7 @@ jobs: - name: Queries from input if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -96,7 +96,7 @@ jobs: - name: Queries from input with + if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { 
@@ -108,7 +108,7 @@ jobs: - name: Queries and packs from input with + if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -122,7 +122,7 @@ jobs: - name: Queries and packs from config if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -137,7 +137,7 @@ jobs: - name: Queries and packs from config overriden by input if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -152,7 +152,7 @@ jobs: - name: Queries and packs from config merging with input if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -172,7 +172,7 @@ jobs: - name: Multi-language packs from config if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -190,7 +190,7 @@ jobs: - name: Other config properties if: success() || failure() - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: | { @@ -209,7 +209,7 @@ jobs: if: success() || failure() env: CODEQL_PASS_CONFIG_TO_CLI: false - uses: ./../action/.github/check-codescanning-config + uses: ./../action/.github/actions/check-codescanning-config with: expected-config-file-contents: "" languages: javascript diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index 0bbf47048e..9740121655 100644 --- a/.github/workflows/debug-artifacts-failure.yml 
+++ b/.github/workflows/debug-artifacts-failure.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: latest - uses: actions/setup-go@v4 diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 781ee9cbec..993700ec01 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -56,7 +56,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} - uses: actions/setup-go@v4 diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index c9b79b7e94..b3b33e1df1 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: latest - uses: ./../action/init @@ -39,7 +39,7 @@ jobs: upload: never - name: Check Sarif - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/incomplete-hostname-regexp,js/path-injection diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index c384a231dd..e2f5642ea5 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml 
@@ -23,12 +23,12 @@ jobs: uses: actions/checkout@v3 - name: Prepare test id: prepare-test - uses: ./.github/prepare-test + uses: ./.github/actions/prepare-test with: version: latest - name: Check SARIF for default queries with Single include, Single exclude - uses: ./../action/.github/query-filter-test + uses: ./../action/.github/actions/query-filter-test with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/zipslip @@ -37,7 +37,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check SARIF for query packs with Single include, Single exclude - uses: ./../action/.github/query-filter-test + uses: ./../action/.github/actions/query-filter-test with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/zipslip,javascript/example/empty-or-one-block @@ -46,7 +46,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check SARIF for query packs and local queries with Single include, Single exclude - uses: ./../action/.github/query-filter-test + uses: ./../action/.github/actions/query-filter-test with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml new file mode 100644 index 0000000000..a94d11e934 --- /dev/null +++ b/.github/workflows/update-bundle.yml 
@@ -0,0 +1,82 @@ +name: Update default CodeQL bundle + +on: + release: + types: [prereleased] + +jobs: + update-bundle: + if: startsWith(github.event.release.tag_name, 'codeql-bundle-') + runs-on: ubuntu-latest + steps: + - name: Dump environment + run: env + + - name: Dump GitHub context + env: + GITHUB_CONTEXT: '${{ toJson(github) }}' + run: echo "$GITHUB_CONTEXT" + + - uses: actions/checkout@v3 + + - name: Update git config + run: | + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions[bot]" + + - name: Update bundle + uses: ./.github/actions/update-bundle + + - name: Rebuild Action + run: npm run build + + - name: Commit and push changes + env: + RELEASE_TAG: "${{ github.event.release.tag_name }}" + run: | + git checkout -b "update-bundle/$RELEASE_TAG" + git commit -am "Update default bundle to $RELEASE_TAG" + git push --set-upstream origin "update-bundle/$RELEASE_TAG" + + - name: Open pull request + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cli_version=$(jq -r '.cliVersion' src/defaults.json) + pr_url=$(gh pr create \ + --title "Update default bundle to $cli_version" \ + --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \ + --assignee "$GITHUB_ACTOR" \ + --draft \ + ) + echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV" + echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV" + + - name: Create changelog note + shell: python + run: | + import os + import re + + # Get the PR number from the PR URL. + pr_number = os.environ['PR_URL'].split('/')[-1] + changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})" + + # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line. + # Use perl to avoid having to escape the newline character. 
+ + with open('CHANGELOG.md', 'r') as f: + changelog = f.read() + + changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n') + + # Add the changelog note to the bottom of the "[UNRELEASED]" section. + changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1) + + with open('CHANGELOG.md', 'w') as f: + f.write(changelog) + + - name: Push changelog note + run: | + git commit -am "Add changelog note" + git push diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e858e7936..ba34513686 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.12.6. [#1629](https://github.com/github/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 diff --git a/lib/defaults.json b/lib/defaults.json index fe191836e0..10cc950fcc 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-20230317", - "cliVersion": "2.12.5", - "priorBundleVersion": "codeql-bundle-20230304", - "priorCliVersion": "2.12.4" + "bundleVersion": "codeql-bundle-20230403", + "cliVersion": "2.12.6", + "priorBundleVersion": "codeql-bundle-20230317", + "priorCliVersion": "2.12.5" } diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index e3008a1567..058c0eaf6d 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -11,7 +11,7 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} env: CODEQL_FILE_BASELINE_INFORMATION: true - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} - name: Build code diff --git a/pr-checks/checks/ml-powered-queries.yml b/pr-checks/checks/ml-powered-queries.yml index d0628b32cc..3aadbe0250 100644 --- a/pr-checks/checks/ml-powered-queries.yml 
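Review bot: The workflow declares no `permissions:` block even though the `update-bundle` job pushes a branch and opens a pull request with `secrets.GITHUB_TOKEN`, so it runs with whatever default token scope the repository has. Declaring the minimum at job level, `permissions: { contents: write, pull-requests: write }`, makes the grant explicit and least-privilege. The `Dump environment` and `Dump GitHub context` steps print the full environment and `toJson(github)` to the job log; they look like debugging aids and could be dropped once the workflow is stable. The comment `# Use perl to avoid having to escape the newline character.` in the Python step appears stale, since the step uses no perl.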
+++ b/pr-checks/checks/ml-powered-queries.yml @@ -28,7 +28,7 @@ steps: retention-days: 7 - name: Check sarif - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif # Running on Windows requires CodeQL CLI 2.9.0+. if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')" with: diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 73d520799a..70175f0c24 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -10,7 +10,7 @@ steps: db-location: "${{ runner.temp }}/customDbLocation" tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 6444593122..ccef0a226f 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -21,7 +21,7 @@ steps: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index d942dceaf4..3af646619d 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml 
@@ -17,7 +17,7 @@ steps: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 1d39ba8ca4..42d955d471 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -16,7 +16,7 @@ steps: upload-database: false - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index 6a254bd967..0d213f1300 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -16,7 +16,7 @@ steps: output: "${{ runner.temp }}/results" - name: Check results - uses: ./../action/.github/check-sarif + uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index 1fc1dd5f34..8d626d9320 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml 
@@ -11,7 +11,7 @@ steps: with: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/setup-swift + - uses: ./../action/.github/actions/setup-swift with: codeql-path: ${{steps.init.outputs.codeql-path}} - name: Check working directory diff --git a/pr-checks/sync.py b/pr-checks/sync.py index a5f05c1dc6..ef2e06cfb1 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -79,7 +79,7 @@ def writeHeader(checkStream): { 'name': 'Prepare test', 'id': 'prepare-test', - 'uses': './.github/prepare-test', + 'uses': './.github/actions/prepare-test', 'with': { 'version': '${{ matrix.version }}' } diff --git a/src/defaults.json b/src/defaults.json index c4597cc383..659c095640 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-20230317", - "cliVersion": "2.12.5", - "priorBundleVersion": "codeql-bundle-20230304", - "priorCliVersion": "2.12.4" + "bundleVersion": "codeql-bundle-20230403", + "cliVersion": "2.12.6", + "priorBundleVersion": "codeql-bundle-20230317", + "priorCliVersion": "2.12.5" }