Merge pull request #805 from github/update-v1.0.22-ae284321

Merge main into v1
github · Nov 4, 2021 · 5581e08 · 5581e08
2 parents e891551 + df5cf24
commit 5581e08
Show file tree

Hide file tree

Showing 766 changed files with 54,536 additions and 20,504 deletions.
diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml
diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml
diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -393,3 +393,42 @@ jobs:
           # Deliberately don't use TEST_MODE here. This is specifically testing
           # the compatibility with the API.
           runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+  runner-extractor-ram-threads-options:
+    name: Runner ubuntu extractor RAM and threads options
+    needs: [check-js, check-node-modules]
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+      - name: Assert Results
+        shell: bash
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          if [ "${CODEQL_RAM}" != "230" ]; then
+            echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_THREADS}" != "1" ]; then
+            echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
+            exit 1
+          fi
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
@@ -11,6 +11,8 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
+      with:
+        persist-credentials: false
 
     - name: Remove PR label
       env:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # CodeQL Action and CodeQL Runner Changelog
 
+## 1.0.22 - 04 Nov 2021
+
+- The `init` step of the Action now supports `ram` and `threads` inputs to limit resource use of CodeQL extractors. These inputs also serve as defaults to the subsequent `analyze` step, which finalizes the database and executes queries. [#738](https://github.com/github/codeql-action/pull/738)
+- When used with CodeQL 2.7.1 or above, the Action now includes custom query help in the analysis results uploaded to GitHub code scanning, if available. To add help text for a custom query, create a Markdown file next to the `.ql` file containing the query, using the same base name but the file extension `.md`. [#804](https://github.com/github/codeql-action/pull/804)
+
 ## 1.0.21 - 28 Oct 2021
 
 - Update default CodeQL bundle version to 2.7.0. [#795](https://github.com/github/codeql-action/pull/795)

diff --git a/analyze/action.yml b/analyze/action.yml
@@ -1,24 +1,29 @@
-name: 'CodeQL: Finish'
-description: 'Finalize CodeQL database'
-author: 'GitHub'
+name: "CodeQL: Finish"
+description: "Finalize CodeQL database"
+author: "GitHub"
 inputs:
   check_name:
     description: The name of the check run to add text to.
     required: false
   output:
     description: The path of the directory in which to save the SARIF results
     required: false
-    default: '../results'
+    default: "../results"
   upload:
-    description: Upload the SARIF file
+    description: Upload the SARIF file to Code Scanning
     required: false
     default: "true"
   cleanup-level:
     description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
     required: false
     default: "brutal"
   ram:
-    description: Override the amount of memory in MB to be used by CodeQL. By default, almost all the memory of the machine is used.
+    description: >-
+      The amount of memory in MB that can be used by CodeQL for database finalization and query execution.
+      By default, this action will use the same amount of memory as previously set in the "init" action.
+      If the "init" action also does not have an explicit "ram" input, this action will use most of the
+      memory available in the system (which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows,
+      and 13GB for macOS).
     required: false
   add-snippets:
     description: Specify whether or not to add code snippets to the output sarif file.
@@ -29,7 +34,12 @@ inputs:
     required: false
     default: "false"
   threads:
-    description: The number of threads to be used by CodeQL.
+    description: >-
+      The number of threads that can be used by CodeQL for database finalization and query execution.
+      By default, this action will use the same number of threads as previously set in the "init" action.
+      If the "init" action also does not have an explicit "threads" input, this action will use all the
+      hardware threads available in the system (which for GitHub-hosted runners is 2 for Linux and Windows
+      and 3 for macOS).
     required: false
   checkout_path:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
@@ -50,5 +60,5 @@ outputs:
   db-locations:
     description: A map from language to absolute path for each database created by CodeQL.
 runs:
-  using: 'node12'
-  main: '../lib/analyze-action.js'
+  using: "node12"
+  main: "../lib/analyze-action.js"
diff --git a/init/action.yml b/init/action.yml
@@ -41,6 +41,24 @@ inputs:
   source-root:
     description: Path of the root source code directory, relative to $GITHUB_WORKSPACE.
     required: false
+  ram:
+    description: >-
+      The amount of memory in MB that can be used by CodeQL extractors.
+      By default, CodeQL extractors will use most of the memory available in the system
+      (which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows, and 13GB for macOS).
+      This input also sets the amount of memory that can later be used by the "analyze" action.
+    required: false
+  threads:
+    description: >-
+      The number of threads that can be used by CodeQL extractors.
+      By default, CodeQL extractors will use all the hardware threads available in the system
+      (which for GitHub-hosted runners is 2 for Linux and Windows and 3 for macOS).
+      This input also sets the number of threads that can later be used by the "analyze" action.
+    required: false
+  debug:
+    description: Enable debugging mode. This will result in more output being produced which may be useful when debugging certain issues.
+    required: false
+    default: 'false'
 outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis

diff --git a/lib/analysis-paths.test.js b/lib/analysis-paths.test.js