From c409ef313690536d0580e466d530f9f561cd7643 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 28 Mar 2023 18:57:30 +0100 Subject: [PATCH] Update CodeQL releases used in PR checks --- .github/setup-swift/action.yml | 18 +++++++-- .github/workflows/__analyze-ref-input.yml | 35 ++++++++-------- .../__export-file-baseline-information.yml | 1 - .github/workflows/__go-custom-queries.yml | 35 ++++++++-------- .../workflows/__go-tracing-autobuilder.yml | 25 ++++++------ .../__go-tracing-custom-build-steps.yml | 25 ++++++------ .../__go-tracing-legacy-workflow.yml | 25 ++++++------ .github/workflows/__ml-powered-queries.yml | 37 +++++++++++------ .../workflows/__multi-language-autodetect.yml | 32 +++++++-------- .github/workflows/__remote-config.yml | 35 ++++++++-------- .github/workflows/__swift-autobuild.yml | 1 - .github/workflows/__swift-custom-build.yml | 1 - .github/workflows/__unset-environment.yml | 15 +++---- .github/workflows/__upload-ref-sha-input.yml | 35 ++++++++-------- .github/workflows/__with-checkout-path.yml | 35 ++++++++-------- .github/workflows/debug-artifacts.yml | 31 +++++++------- .../export-file-baseline-information.yml | 2 - pr-checks/checks/ml-powered-queries.yml | 11 +---- .../checks/multi-language-autodetect.yml | 6 +-- pr-checks/checks/swift-autobuild.yml | 2 - pr-checks/checks/swift-custom-build.yml | 1 - pr-checks/sync.py | 40 ++++--------------- 22 files changed, 212 insertions(+), 236 deletions(-) diff --git a/.github/setup-swift/action.yml b/.github/setup-swift/action.yml index c0230a9fb6..e18ecf52f7 100644 --- a/.github/setup-swift/action.yml +++ b/.github/setup-swift/action.yml @@ -6,10 +6,22 @@ inputs: runs: using: "composite" steps: + - name: Set Swift enablement environment variable + # We don't support Swift on Windows or prior versions of CLI. + if: >- + runner.os != 'Windows' && ( + matrix.version == '20220908' || + matrix.version == '20221211' || + matrix.version == 'cached' || + matrix.version == 'latest' || + matrix.version == 'nightly-latest' + ) + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Get Swift version id: get_swift_version - # We don't support Swift on Windows or prior versions of CLI. - if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')" + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' shell: bash env: CODEQL_PATH: ${{inputs.codeql-path}} @@ -27,6 +39,6 @@ runs: fi echo "version=$VERSION" | tee -a $GITHUB_OUTPUT - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test. - if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')" + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' with: swift-version: "${{steps.get_swift_version.outputs.version}}" diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index cff1b5307f..fb1798037c 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -25,24 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: windows-2019 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 - os: windows-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -72,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index e3bde8456e..a5bcdfa057 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -84,5 +84,4 @@ jobs: fi done env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA. CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 3093f38aa2..e42ba25a1a 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -25,24 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: windows-2019 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 - os: windows-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -72,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: languages: go diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 3110cad8ee..18e95a3c1e 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -25,18 +25,22 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -60,11 +64,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: languages: go diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index b9f4933ddb..37b165ac75 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -25,18 +25,22 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -60,11 +64,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: languages: go diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 05f98e4a18..6b95b512cd 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -25,18 +25,22 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -60,11 +64,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: languages: go diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 1009afc306..52f0b1a4e7 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -25,12 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20220120 + - os: ubuntu-latest + version: stable-20220401 + - os: macos-latest + version: stable-20220401 + - os: windows-latest + version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -60,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: languages: javascript @@ -87,7 +100,7 @@ jobs: - name: Check sarif uses: ./../action/.github/check-sarif # Running on Windows requires CodeQL CLI 2.9.0+. - if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')" + if: "!(matrix.version == 'stable-20220401' && runner.os == 'Windows')" with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss @@ -96,7 +109,7 @@ jobs: - name: Check results env: # Running on Windows requires CodeQL CLI 2.9.0+. - SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' && + SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220401' && runner.os == 'Windows') }} shell: bash run: | diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 560dafcf27..90874a9b21 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -25,18 +25,22 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -60,11 +64,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init id: init with: @@ -119,8 +118,7 @@ jobs: fi - name: Check language autodetect for Ruby - if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version - == 'nightly-latest') + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' shell: bash run: | RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} @@ -130,8 +128,7 @@ jobs: fi - name: Check language autodetect for Swift - if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version - == 'nightly-latest') + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} @@ -140,5 +137,4 @@ jobs: exit 1 fi env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA. CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 69e49c4395..dddd4f4213 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -25,24 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: windows-2019 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 - os: windows-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -72,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 829a82975c..299491d8df 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -68,5 +68,4 @@ jobs: exit 1 fi env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA. CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index d10246db14..e07345b97d 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -75,6 +75,5 @@ jobs: exit 1 fi env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA. DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 44c8e48562..7526951ab4 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -25,12 +25,14 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: ubuntu-latest @@ -48,11 +50,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: db-location: ${{ runner.temp }}/customDbLocation diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index d235743d7f..ad8b9f695c 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -25,24 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: windows-2019 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 - os: windows-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -72,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 7ffc2ec457..108a15c679 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -25,24 +25,30 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: windows-2019 - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - - os: windows-2019 - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 - os: windows-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: windows-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: windows-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -72,11 +78,6 @@ jobs: uses: ./.github/prepare-test with: version: ${{ matrix.version }} - - name: Set up Go - if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019' - uses: actions/setup-go@v4 - with: - go-version: ^1.13.1 - uses: actions/checkout@v3 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 781ee9cbec..b7c6e013b3 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -22,18 +22,22 @@ jobs: strategy: matrix: include: - - os: ubuntu-20.04 - version: stable-20211005 - - os: macos-latest - version: stable-20211005 - - os: ubuntu-20.04 - version: stable-20220120 - - os: macos-latest - version: stable-20220120 - os: ubuntu-latest version: stable-20220401 - os: macos-latest version: stable-20220401 + - os: ubuntu-latest + version: stable-20220615 + - os: macos-latest + version: stable-20220615 + - os: ubuntu-latest + version: stable-20220908 + - os: macos-latest + version: stable-20220908 + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 - os: ubuntu-latest version: cached - os: macos-latest @@ -84,17 +88,10 @@ jobs: - name: Check expected artifacts exist shell: bash run: | - VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest" + VERSIONS="stable-20220401 stable-20220615 stable-20220908 stable-20221211 cached latest nightly-latest" LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do - if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then - # Note the absence of the period in "ubuntu-2004": this is present in the image name - # but not the artifact name - OPERATING_SYSTEMS="ubuntu-2004 macos-latest" - else - OPERATING_SYSTEMS="ubuntu-latest macos-latest" - fi - for os in $OPERATING_SYSTEMS; do + for os in ubuntu-latest macos-latest; do pushd "./my-debug-artifacts-$os-$version" echo "Artifacts from version $version on $os:" for language in $LANGUAGES; do diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index e3008a1567..dae6068592 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -1,8 +1,6 @@ name: "Export file baseline information" description: "Tests that file baseline information is exported when the feature is enabled" versions: ["nightly-latest"] -env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA. steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/ml-powered-queries.yml b/pr-checks/checks/ml-powered-queries.yml index d0628b32cc..f4dcba8bee 100644 --- a/pr-checks/checks/ml-powered-queries.yml +++ b/pr-checks/checks/ml-powered-queries.yml @@ -1,12 +1,5 @@ name: "ML-powered queries" description: "Tests that ML-powered queries are run with the security-extended suite and that they produce alerts on a test DB" -versions: [ - # Latest release in 2.7.x series - "stable-20220120", - "cached", - "latest", - "nightly-latest", - ] steps: - uses: ./../action/init with: @@ -30,7 +23,7 @@ steps: - name: Check sarif uses: ./../action/.github/check-sarif # Running on Windows requires CodeQL CLI 2.9.0+. - if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')" + if: "!(matrix.version == 'stable-20220401' && runner.os == 'Windows')" with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss @@ -39,7 +32,7 @@ steps: - name: Check results env: # Running on Windows requires CodeQL CLI 2.9.0+. - SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' && runner.os == 'Windows') }} + SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220401' && runner.os == 'Windows') }} shell: bash run: | echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}" diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 73d520799a..9095cd0fac 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -1,8 +1,6 @@ name: "Multi-language repository" description: "An end-to-end integration test of a multi-language repository using automatic language detection" operatingSystems: ["ubuntu", "macos"] -env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: "true" # Remove when Swift is GA. steps: - uses: ./../action/init id: init @@ -58,7 +56,7 @@ steps: fi - name: Check language autodetect for Ruby - if: "(matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')" + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' shell: bash run: | RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} @@ -68,7 +66,7 @@ steps: fi - name: Check language autodetect for Swift - if: "(matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')" + if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} diff --git a/pr-checks/checks/swift-autobuild.yml b/pr-checks/checks/swift-autobuild.yml index dd48197700..399da8b024 100644 --- a/pr-checks/checks/swift-autobuild.yml +++ b/pr-checks/checks/swift-autobuild.yml @@ -3,8 +3,6 @@ description: "Tests creation of a Swift database using autobuild" versions: ["latest", "cached", "nightly-latest"] # Swift autobuilder is only supported on MacOS for private beta operatingSystems: ["macos"] -env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: "true" # Remove when Swift is GA. steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index 1fc1dd5f34..8371d4d1b9 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -3,7 +3,6 @@ description: "Tests creation of a Swift database using custom build" versions: ["latest", "cached", "nightly-latest"] operatingSystems: ["ubuntu", "macos"] env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: "true" # Remove when Swift is GA. DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - uses: ./../action/init diff --git a/pr-checks/sync.py b/pr-checks/sync.py index a5f05c1dc6..0912b08c98 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -3,12 +3,14 @@ # The default set of CodeQL Bundle versions to use for the PR checks. defaultTestVersions = [ - # The oldest supported CodeQL version: 2.6.3. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts` - "stable-20211005", - # The last CodeQL release in the 2.7 series: 2.7.6. - "stable-20220120", - # The last CodeQL release in the 2.8 series: 2.8.5. + # The oldest supported CodeQL version: 2.8.5. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts` "stable-20220401", + # The last CodeQL release in the 2.9 series: 2.9.6. + "stable-20220615", + # The last CodeQL release in the 2.10 series: 2.10.6. + "stable-20220908", + # The last CodeQL release in the 2.11 series: 2.11.6. + "stable-20221211", # The version of CodeQL currently in the toolcache. Typically either the latest release or the one before. "cached", # The latest release of CodeQL. @@ -18,22 +20,6 @@ ] -def isCompatibleWithLatestImages(version): - if version in ["cached", "latest", "nightly-latest"]: - return True - date = version.split("-")[1] - # The first version of the CodeQL CLI compatible with `ubuntu-22.04` and `windows-2022` is - # 2.8.2. This appears in CodeQL Bundle version codeql-bundle-20220224. - return date >= "20220224" - - -def operatingSystemsForVersion(version): - if isCompatibleWithLatestImages(version): - return ["ubuntu-latest", "macos-latest", "windows-latest"] - else: - return ["ubuntu-20.04", "macos-latest", "windows-2019"] - - header = """# Warning: This file is generated automatically, and should not be modified. # Instead, please modify the template in the pr-checks directory and run: # pip install ruamel.yaml && python3 sync.py @@ -60,7 +46,7 @@ def writeHeader(checkStream): matrix = [] for version in checkSpecification.get('versions', defaultTestVersions): - runnerImages = operatingSystemsForVersion(version) + runnerImages = ["ubuntu-latest", "macos-latest", "windows-latest"] if checkSpecification.get('operatingSystems', None): runnerImages = [image for image in runnerImages for operatingSystem in checkSpecification['operatingSystems'] if image.startswith(operatingSystem)] @@ -86,16 +72,6 @@ def writeHeader(checkStream): } ] - if any(not isCompatibleWithLatestImages(m['version']) for m in matrix): - steps.append({ - 'name': 'Set up Go', - 'if': "matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'", - 'uses': 'actions/setup-go@v4', - 'with': { - 'go-version': '^1.13.1' - } - }) - steps.extend(checkSpecification['steps']) checkJob = {