diff --git a/.github/workflows/check-for-conflicts.yml b/.github/workflows/check-for-conflicts.yml deleted file mode 100644 index fe96d9ac3b..0000000000 --- a/.github/workflows/check-for-conflicts.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Checks for any conflict markers created by git. This check is primarily intended to validate that -# any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged. -name: Check for conflicts - -on: - pull_request: - branches: [main, releases/v1, releases/v2] - # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened - # by other workflows. - types: [opened, synchronize, reopened, ready_for_review] - -jobs: - check-for-conflicts: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Check for conflicts - run: | - # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want - # this to fail the workflow. - FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \ - '^(<<<<<<<|>>>>>>>)' . || true) - if [[ "${FILES_WITH_CONFLICTS}" ]]; then - echo "Fail: Found merge conflict markers in the following files:" - echo "" - echo "${FILES_WITH_CONFLICTS}" - exit 1 - else - echo "Success: Found no merge conflict markers." - fi diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index b36fdb8000..a97ef1d405 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -1,4 +1,4 @@ -name: PR Checks (Basic Checks and Runner) +name: PR Checks on: push: @@ -10,17 +10,8 @@ on: workflow_dispatch: jobs: - lint-js: - name: Lint - runs-on: ubuntu-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - name: Run Lint - run: npm run-script lint - check-js: + name: Check JS runs-on: ubuntu-latest timeout-minutes: 45 
@@ -30,7 +21,11 @@ jobs: node-types-version: [12.12, current] steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 + + - name: Lint + run: npm run-script lint - name: Update version of @types/node if: matrix.node-types-version != 'current' @@ -67,21 +62,43 @@ jobs: - name: Check node modules up to date run: .github/workflows/script/check-node-modules.sh - verify-pr-checks: - name: Verify PR checks up to date + check-file-contents: + name: Check file contents runs-on: ubuntu-latest timeout-minutes: 45 steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 + + # Checks for any conflict markers created by git. This check is primarily intended to validate that + # any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged. + - name: Check for merge conflicts + run: | + # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want + # this to fail the workflow. + FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \ + '^(<<<<<<<|>>>>>>>)' . || true) + if [[ "${FILES_WITH_CONFLICTS}" ]]; then + echo "Fail: Found merge conflict markers in the following files:" + echo "" + echo "${FILES_WITH_CONFLICTS}" + exit 1 + else + echo "Success: Found no merge conflict markers." + fi + - name: Set up Python uses: actions/setup-python@v3 with: python-version: 3.8 + - name: Install dependencies run: | python -m pip install --upgrade pip pip install ruamel.yaml + + # Ensure the generated PR check workflows are up to date. - name: Verify PR checks up to date run: .github/workflows/script/verify-pr-checks.sh 
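Review bot: The added `Lint` step in `check-js` does not read `matrix.node-types-version`, yet the job runs once per matrix entry (`[12.12, current]`), so lint now runs twice. Both runs happen before the `Update version of @types/node` step and so lint the same tree. A lint failure is then reported on both legs and blocks the type-check steps that follow. Restricting it to one leg with `if: matrix.node-types-version == 'current'` keeps the single signal the removed `lint-js` job gave. The rest of the `check-js` job lies outside this hunk.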
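Review bot: In the `Check for merge conflicts` step of `check-file-contents`, `|| true` hides every non-zero grep status, not only 1 (no match). grep exits with 2 on errors such as an unreadable file or directory, and in that case `FILES_WITH_CONFLICTS` can be empty and the step prints "Success" without having scanned everything, so the guard fails open. Accepting only status 1 closes that gap: replace `|| true` with `|| [[ $? -eq 1 ]]`, which aborts the step on any other status, assuming the default `bash -e` shell. `--ignore-case` has no effect on a pattern made only of `<` and `>` and can be dropped, and `--exclude-dir=.git` would keep the recursive scan out of repository metadata.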
@@ -102,388 +119,3 @@ jobs: # we won't be able to find them on Windows. npm config set script-shell bash npm test - - runner-analyze-javascript-ubuntu: - name: Runner ubuntu JS analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - # Pass --config-file here, but not for other jobs in this workflow. - # This means we're testing the config file parsing in the runner - # but not slowing down all jobs unnecessarily as it doesn't add much - # testing the parsing on different operating systems and languages. - runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-windows: - name: Runner windows JS analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: windows-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-macos: - name: Runner macos JS analyze - needs: [check-js, check-node-modules] 
- timeout-minutes: 45 - runs-on: macos-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-ubuntu: - name: Runner ubuntu C# analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - . ./codeql-runner/codeql-env.sh - $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-windows: - name: Runner windows C# analyze - needs: [check-js, check-node-modules] - # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of - # `windows-latest`. 
- timeout-minutes: 45 - runs-on: windows-2019 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - cat ./codeql-runner/codeql-env.sh | Invoke-Expression - $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this - & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Upload tracer logs - uses: actions/upload-artifact@v3 - with: - name: tracer-logs - path: ./codeql-runner/compound-build-tracer.log - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-macos: - name: Runner macos C# analyze - timeout-minutes: 45 - needs: [check-js, check-node-modules] - runs-on: macos-latest - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: bash - run: | - . 
./codeql-runner/codeql-env.sh - $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-ubuntu: - name: Runner ubuntu autobuild C# analyze - timeout-minutes: 45 - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - ../action/runner/dist/codeql-runner-linux autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-windows: - timeout-minutes: 45 - name: Runner windows autobuild C# analyze - needs: [check-js, check-node-modules] - # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of - # `windows-latest`. - runs-on: windows-2019 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . 
- mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - ../action/runner/dist/codeql-runner-win.exe autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-macos: - name: Runner macos autobuild C# analyze - needs: [check-js, check-node-modules] - runs-on: macos-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: bash - run: | - . 
codeql-runner/codeql-env.sh - CODEQL_RUNNER="$(cat codeql-runner/codeql-env.json | jq -r '.CODEQL_RUNNER')" - echo "$CODEQL_RUNNER" - $CODEQL_RUNNER ../action/runner/dist/codeql-runner-macos autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-upload-sarif: - name: Runner upload sarif - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - timeout-minutes: 45 - - if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }} - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Upload with runner - run: | - # Deliberately don't use TEST_MODE here. This is specifically testing - # the compatibility with the API. - runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - runner-extractor-ram-threads-options: - name: Runner ubuntu extractor RAM and threads options - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Assert Results - shell: bash - run: | - . 
./codeql-runner/codeql-env.sh - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml index 28efa81053..4a9ecbac0d 100644 --- a/.github/workflows/python-deps.yml +++ b/.github/workflows/python-deps.yml @@ -7,6 +7,17 @@ on: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] + paths: + # Changes to this workflow. + - '.github/workflows/python-deps.yml' + # Changes to the Python package installation scripts and their tests. + - 'python-setup/**' + # Changes to the default CodeQL bundle version. + - '**/defaults.json' + schedule: + # Weekly on Monday. + - cron: '0 0 * * 1' + workflow_dispatch: jobs: test-setup-python-scripts: diff --git a/.github/workflows/runner-checks.yml b/.github/workflows/runner-checks.yml new file mode 100644 index 0000000000..7fd3cfde8f --- /dev/null +++ b/.github/workflows/runner-checks.yml 
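Review bot: The `schedule` trigger added here only runs against the default branch, so the weekly run does not cover `releases/v1` or `releases/v2`. With the new `paths:` filter, those branches are then tested only when a PR touches the listed paths or someone uses `workflow_dispatch`. A comment on the cron entry would make that explicit, for example `# Scheduled runs cover the default branch only; dispatch manually for releases/*.` Separately, if any job in this workflow is configured as a required status check (not visible in this diff), PRs that skip the workflow because of `paths:` will leave that check pending, so the branch protection settings should be confirmed.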
@@ -0,0 +1,393 @@ +name: CodeQL Runner Checks + +on: + push: + branches: [main, releases/v1, releases/v2] + pull_request: + # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened + # by other workflows. + types: [opened, synchronize, reopened, ready_for_review] + workflow_dispatch: + +jobs: + runner-analyze-javascript-ubuntu: + name: Runner ubuntu JS analyze + + timeout-minutes: 45 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Build runner + run: | + cd runner + npm install + npm run build-runner + + - name: Run init + run: | + # Pass --config-file here, but not for other jobs in this workflow. + # This means we're testing the config file parsing in the runner + # but not slowing down all jobs unnecessarily as it doesn't add much + # testing the parsing on different operating systems and languages. + runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Run analyze + run: | + runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-javascript-windows: + name: Runner windows JS analyze + timeout-minutes: 45 + runs-on: windows-latest + + steps: + - uses: actions/checkout@v3 + + - name: Build runner + run: | + cd runner + npm install + npm run build-runner + + - name: Run init + run: | + runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Run analyze + run: | + runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ 
github.token }} + env: + TEST_MODE: true + + runner-analyze-javascript-macos: + name: Runner macos JS analyze + timeout-minutes: 45 + runs-on: macos-latest + + steps: + - uses: actions/checkout@v3 + + - name: Build runner + run: | + cd runner + npm install + npm run build-runner + + - name: Run init + run: | + runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Run analyze + run: | + runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-ubuntu: + name: Runner ubuntu C# analyze + timeout-minutes: 45 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . + mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + run: | + . ./codeql-runner/codeql-env.sh + $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-windows: + name: Runner windows C# analyze + + # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of + # `windows-latest`. 
+ timeout-minutes: 45 + runs-on: windows-2019 + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . + mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + shell: powershell + run: | + cat ./codeql-runner/codeql-env.sh | Invoke-Expression + $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this + & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false + + - name: Upload tracer logs + uses: actions/upload-artifact@v3 + with: + name: tracer-logs + path: ./codeql-runner/compound-build-tracer.log + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-macos: + name: Runner macos C# analyze + timeout-minutes: 45 + + runs-on: macos-latest + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . + mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + shell: bash + run: | + . 
./codeql-runner/codeql-env.sh + $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-autobuild-ubuntu: + name: Runner ubuntu autobuild C# analyze + timeout-minutes: 45 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . + mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + run: | + ../action/runner/dist/codeql-runner-linux autobuild + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-autobuild-windows: + timeout-minutes: 45 + name: Runner windows autobuild C# analyze + + # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of + # `windows-latest`. + runs-on: windows-2019 + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . 
+ mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + shell: powershell + run: | + ../action/runner/dist/codeql-runner-win.exe autobuild + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-analyze-csharp-autobuild-macos: + name: Runner macos autobuild C# analyze + + runs-on: macos-latest + timeout-minutes: 45 + + steps: + - uses: actions/checkout@v3 + + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + mv * .github ../action/ + mv ../action/tests/multi-language-repo/{*,.github} . + mv ../action/.github/workflows .github + + - name: Build runner + run: | + cd ../action/runner + npm install + npm run build-runner + + - name: Run init + run: | + ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Build code + shell: bash + run: | + . 
codeql-runner/codeql-env.sh + CODEQL_RUNNER="$(cat codeql-runner/codeql-env.json | jq -r '.CODEQL_RUNNER')" + echo "$CODEQL_RUNNER" + $CODEQL_RUNNER ../action/runner/dist/codeql-runner-macos autobuild + + - name: Run analyze + run: | + ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + env: + TEST_MODE: true + + runner-upload-sarif: + name: Runner upload sarif + + runs-on: ubuntu-latest + timeout-minutes: 45 + + if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }} + + steps: + - uses: actions/checkout@v3 + + - name: Build runner + run: | + cd runner + npm install + npm run build-runner + + - name: Upload with runner + run: | + # Deliberately don't use TEST_MODE here. This is specifically testing + # the compatibility with the API. + runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + runner-extractor-ram-threads-options: + name: Runner ubuntu extractor RAM and threads options + + runs-on: ubuntu-latest + timeout-minutes: 45 + + steps: + - uses: actions/checkout@v3 + + - name: Build runner + run: | + cd runner + npm install + npm run build-runner + + - name: Run init + run: | + runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} + + - name: Assert Results + shell: bash + run: | + . 
./codeql-runner/codeql-env.sh + if [ "${CODEQL_RAM}" != "230" ]; then + echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then + echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_THREADS}" != "1" ]; then + echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then + echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" + exit 1 + fi diff --git a/CHANGELOG.md b/CHANGELOG.md index 5cdb6838c6..cbe7777e85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CodeQL Action Changelog +## 1.1.18 - 03 Aug 2022 + +- Update default CodeQL bundle version to 2.10.2. [#1156](https://github.com/github/codeql-action/pull/1156) + ## 1.1.17 - 28 Jul 2022 - Update default CodeQL bundle version to 2.10.1. [#1143](https://github.com/github/codeql-action/pull/1143) diff --git a/lib/defaults.json b/lib/defaults.json index 2dd1a86cf7..13c30cf139 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20220714" + "bundleVersion": "codeql-bundle-20220728" } diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 2816a0b272..564128bd04 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.1.17", + "version": "1.1.18", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/package-lock.json b/package-lock.json index 4716bc7a49..8c255a1527 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "1.1.17", + "version": "1.1.18", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "codeql", - "version": "1.1.17", + "version": "1.1.18", "license": "MIT", "dependencies": { "@actions/artifact": "^1.0.0", 
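Review bot: The new `runner-checks.yml` declares no `permissions:` block, so `github.token` in every job carries the repository's default scopes while being handed to a runner binary built from the checked-out ref. A top-level `permissions:` with `contents: read`, plus `security-events: write` on `runner-upload-sarif` only, would narrow that. Whether the `init`/`analyze` jobs need more than read access is not visible here and should be confirmed. The token is also interpolated as `--github-auth ${{ github.token }}` in each `run:` script, which places it in the process argument list where other processes on the runner can read it. Passing it through `env:` and piping it to the runner's `--github-auth-stdin` option would keep it out of argv.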
diff --git a/package.json b/package.json index c496d796d8..d257eacb90 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.1.17", + "version": "1.1.18", "private": true, "description": "CodeQL action", "scripts": { diff --git a/src/defaults.json b/src/defaults.json index 69211563e0..b04119e141 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20220714" + "bundleVersion": "codeql-bundle-20220728" }