Skip to content

Commit

Permalink
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1
Browse files Browse the repository at this point in the history
  • Loading branch information
angelapwen authored Oct 3, 2024
2 parents 4beccf7 + 8aba5f2 commit 868284b
Show file tree
Hide file tree
Showing 5,429 changed files with 2,176,929 additions and 71,668 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ updates:
# v7 requires ESM
- dependency-name: "del"
versions: ["^7.0.0"]
# This is broken due to the way configuration files have changed.
# This might be fixed when we move to eslint v9.
- dependency-name: "eslint-plugin-import"
versions: [">=2.30.0"]
groups:
npm:
patterns:
Expand Down
99 changes: 99 additions & 0 deletions .github/workflows/debug-artifacts-upgrade.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# Checks logs, SARIF, and database bundle debug artifacts exist and are accessible
# with download-artifact@v4 when CODEQL_ACTION_ARTIFACT_V4_UPGRADE is set to true.
name: PR Check - Debug artifact upload using artifact@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
upload-artifacts:
strategy:
fail-fast: false
matrix:
version:
- stable-v2.13.5
- stable-v2.14.6
- stable-v2.15.5
- stable-v2.16.6
- stable-v2.17.6
- default
- linked
- nightly-latest
name: Upload debug artifacts
env:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: actions/setup-go@v5
with:
go-version: ^1.13.1
- uses: ./../action/init
id: init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
debug: true
debug-artifact-name: my-debug-artifacts
debug-database-name: my-db
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
languages: cpp,csharp,go,java,javascript,python,ruby
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
id: analysis
download-and-check-artifacts:
name: Download and check debug artifacts
needs: upload-artifacts
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}"
echo "Artifacts from version $version:"
for language in $LANGUAGES; do
echo "- Checking $language"
if [[ ! -f "$language.sarif" ]] ; then
echo "Missing a SARIF file for $language"
exit 1
fi
if [[ ! -f "my-db-$language.zip" ]] ; then
echo "Missing a database bundle for $language"
exit 1
fi
if [[ ! -d "$language/log" ]] ; then
echo "Missing logs for $language"
exit 1
fi
done
popd
done
env:
GO111MODULE: auto
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

## [UNRELEASED]

- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.

Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.

This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
- Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)

## 3.26.10 - 30 Sep 2024
Expand Down
78 changes: 77 additions & 1 deletion lib/actions-util.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/actions-util.js.map

Large diffs are not rendered by default.

14 changes: 13 additions & 1 deletion lib/analyze-action-post.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action-post.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 11 additions & 20 deletions lib/cli-errors.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 868284b

Please sign in to comment.