Skip to content

Commit

Permalink
Merge branch 'main' into aeisenberg/checkout-path-commitoid
Browse files Browse the repository at this point in the history
  • Loading branch information
aeisenberg committed Mar 25, 2022
2 parents d068f53 + 6e57bba commit 5d444c1
Show file tree
Hide file tree
Showing 130 changed files with 2,209 additions and 2,074 deletions.
1 change: 1 addition & 0 deletions .github/workflows/__analyze-ref-input.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__debug-artifacts.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__extractor-ram-threads.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__go-custom-queries.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__go-custom-tracing-autobuild.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__go-custom-tracing.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__javascript-source-root.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__multi-language-autodetect.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__packaging-config-inputs-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__packaging-config-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__packaging-inputs-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__remote-config.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__rubocop-multi-language.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__split-workflow.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__test-local-codeql.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__test-proxy.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__test-ruby.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__unset-environment.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/__upload-ref-sha-input.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/check-expected-release-files.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,6 @@ jobs:
run: |
bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
set -x
for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz" "codeql-runner-linux" "codeql-runner-macos" "codeql-runner-win.exe"; do
for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz"; do
curl --location --fail --head --request GET "https://github.com/github/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null
done
16 changes: 16 additions & 0 deletions .github/workflows/pr-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ jobs:
lint-js:
name: Lint
runs-on: ubuntu-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand All @@ -21,6 +22,7 @@ jobs:

check-js:
runs-on: ubuntu-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand All @@ -30,6 +32,7 @@ jobs:
check-node-modules:
name: Check modules up to date
runs-on: macos-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand All @@ -39,6 +42,7 @@ jobs:
verify-pr-checks:
name: Verify PR checks up to date
runs-on: ubuntu-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand All @@ -60,6 +64,7 @@ jobs:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand All @@ -69,6 +74,7 @@ jobs:
runner-analyze-javascript-ubuntu:
name: Runner ubuntu JS analyze
needs: [check-js, check-node-modules]
timeout-minutes: 45
runs-on: ubuntu-latest

steps:
Expand Down Expand Up @@ -97,6 +103,7 @@ jobs:
runner-analyze-javascript-windows:
name: Runner windows JS analyze
needs: [check-js, check-node-modules]
timeout-minutes: 45
runs-on: windows-latest

steps:
Expand All @@ -121,6 +128,7 @@ jobs:
runner-analyze-javascript-macos:
name: Runner macos JS analyze
needs: [check-js, check-node-modules]
timeout-minutes: 45
runs-on: macos-latest

steps:
Expand All @@ -145,6 +153,7 @@ jobs:
runner-analyze-csharp-ubuntu:
name: Runner ubuntu C# analyze
needs: [check-js, check-node-modules]
timeout-minutes: 45
runs-on: ubuntu-latest

steps:
Expand Down Expand Up @@ -184,6 +193,7 @@ jobs:
needs: [check-js, check-node-modules]
# Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
# `windows-latest`.
timeout-minutes: 45
runs-on: windows-2019

steps:
Expand Down Expand Up @@ -228,6 +238,7 @@ jobs:

runner-analyze-csharp-macos:
name: Runner macos C# analyze
timeout-minutes: 45
needs: [check-js, check-node-modules]
runs-on: macos-latest

Expand Down Expand Up @@ -266,6 +277,7 @@ jobs:

runner-analyze-csharp-autobuild-ubuntu:
name: Runner ubuntu autobuild C# analyze
timeout-minutes: 45
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -301,6 +313,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-autobuild-windows:
timeout-minutes: 45
name: Runner windows autobuild C# analyze
needs: [check-js, check-node-modules]
# Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
Expand Down Expand Up @@ -343,6 +356,7 @@ jobs:
name: Runner macos autobuild C# analyze
needs: [check-js, check-node-modules]
runs-on: macos-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand Down Expand Up @@ -380,6 +394,7 @@ jobs:
name: Runner upload sarif
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest
timeout-minutes: 45

if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}

Expand All @@ -402,6 +417,7 @@ jobs:
name: Runner ubuntu extractor RAM and threads options
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest
timeout-minutes: 45

steps:
- uses: actions/checkout@v2
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/python-deps.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:

jobs:
test-setup-python-scripts:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release-runner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ on:

jobs:
release-runner:
timeout-minutes: 45
runs-on: ubuntu-latest
env:
RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/split.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ on:
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 45
env:
CLI_RELEASE: "${{ github.event.inputs.cli-release }}"
RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/update-dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
jobs:
update:
name: Update dependencies
timeout-minutes: 45
runs-on: macos-latest
if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
steps:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/update-release-branch.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ on:

jobs:
update:
timeout-minutes: 45
runs-on: ubuntu-latest
if: ${{ github.repository == 'github/codeql-action' }}
steps:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ on:

jobs:
update-supported-enterprise-server-versions:
name: Update Supported Enterprise Server Versions
timeout-minutes: 45
runs-on: ubuntu-latest
if: ${{ github.repository == 'github/codeql-action' }}

Expand Down
18 changes: 15 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,21 @@
# CodeQL Action and CodeQL Runner Changelog
# CodeQL Action Changelog

## [UNRELEASED]

- Update default CodeQL bundle version to 2.8.2.
- Fix a bug where old results can be uploaded if the languages in a repository change when using a non-ephemeral self-hosted runner.
No user facing changes.

## 1.1.5 - 15 Mar 2022

- Update default CodeQL bundle version to 2.8.3.
- The CodeQL runner is now deprecated and no longer being released. For more information, see [CodeQL runner deprecation](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/).
- Fix two bugs that cause action failures with GHES 3.3 or earlier. [#978](https://github.com/github/codeql-action/pull/978)
- Fix `not a permitted key` invalid requests with GHES 3.1 or earlier
- Fix `RUNNER_ARCH environment variable must be set` errors with GHES 3.3 or earlier

## 1.1.4 - 07 Mar 2022

- Update default CodeQL bundle version to 2.8.2. [#950](https://github.com/github/codeql-action/pull/950)
- Fix a bug where old results can be uploaded if the languages in a repository change when using a non-ephemeral self-hosted runner. [#955](https://github.com/github/codeql-action/pull/955)

## 1.1.3 - 23 Feb 2022

Expand Down
21 changes: 20 additions & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ Here are a few things you can do that will increase the likelihood of your pull
1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v1` release branch.

A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
1. The workflow run will open a pull request titled "Merge main into v1". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
1. Review the checklist items in the pull request description.
Once you've checked off all but the last of these, approve the PR and automerge it.
Expand All @@ -72,6 +72,25 @@ Here are a few things you can do that will increase the likelihood of your pull

Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete.

## Keeping the PR checks up to date (admin access required)

Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.

To regenerate the PR jobs for the action:

1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):

```sh
SHA= ####
CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
echo "{\"contexts\": ${CHECKS}}" > checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json
````

2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.


## Resources

- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
Expand Down
Loading

0 comments on commit 5d444c1

Please sign in to comment.