From 5f0a4d3e67a0f3cb983e0e664a6408ccf8866999 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 16 Dec 2024 15:01:37 -0800
Subject: [PATCH 1/2] Bump the minimum supported version of CodeQL to 2.15.5
---
 .../workflows/__go-tracing-autobuilder.yml | 8 ++++----
 .../__go-tracing-custom-build-steps.yml | 8 ++++----
 .../__go-tracing-legacy-workflow.yml | 8 ++++----
 .../workflows/__multi-language-autodetect.yml | 20 ++++++++------------
 .github/workflows/debug-artifacts.yml | 4 ++--
 CHANGELOG.md | 2 +-
 README.md | 3 +--
 lib/codeql.js | 8 ++++----
 node_modules/.package-lock.json | 2 +-
 package-lock.json | 4 ++--
 package.json | 2 +-
 .../checks/multi-language-autodetect.yml | 9 +++------
 pr-checks/sync.py | 4 ++--
 src/codeql.ts | 8 ++++----
 14 files changed, 41 insertions(+), 49 deletions(-)
diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml
index d4a84fc6d8..a430ddd26c 100644
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -27,10 +27,6 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - os: ubuntu-latest
- version: stable-v2.14.6
- - os: macos-13
- version: stable-v2.14.6
 - os: ubuntu-latest
 version: stable-v2.15.5
 - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
 version: stable-v2.18.4
 - os: macos-latest
 version: stable-v2.18.4
+ - os: ubuntu-latest
+ version: stable-v2.19.4
+ - os: macos-latest
+ version: stable-v2.19.4
 - os: ubuntu-latest
 version: default
 - os: macos-latest
diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml
index 52b769bd49..bd2af96bc7 100644
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -27,10 +27,6 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - os: ubuntu-latest
- version: stable-v2.14.6
- - os: macos-13
- version: stable-v2.14.6
 - os: ubuntu-latest
 version: stable-v2.15.5
 - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
 version: stable-v2.18.4
 - os: macos-latest
 version: stable-v2.18.4
+ - os: ubuntu-latest
+ version: stable-v2.19.4
+ - os: macos-latest
+ version: stable-v2.19.4
 - os: ubuntu-latest
 version: default
 - os: macos-latest
diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml
index 46f8b85c5d..1f7bee078b 100644
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -27,10 +27,6 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - os: ubuntu-latest
- version: stable-v2.14.6
- - os: macos-13
- version: stable-v2.14.6
 - os: ubuntu-latest
 version: stable-v2.15.5
 - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
 version: stable-v2.18.4
 - os: macos-latest
 version: stable-v2.18.4
+ - os: ubuntu-latest
+ version: stable-v2.19.4
+ - os: macos-latest
+ version: stable-v2.19.4
 - os: ubuntu-latest
 version: default
 - os: macos-latest
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml
index 7f1346d137..5d5c52cac3 100644
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -27,10 +27,6 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - os: macos-13
- version: stable-v2.14.6
- - os: ubuntu-latest
- version: stable-v2.14.6
 - os: macos-latest
 version: stable-v2.15.5
 - os: ubuntu-latest
@@ -47,6 +43,10 @@ jobs:
 version: stable-v2.18.4
 - os: ubuntu-latest
 version: stable-v2.18.4
+ - os: macos-latest
+ version: stable-v2.19.4
+ - os: ubuntu-latest
+ version: stable-v2.19.4
 - os: macos-latest
 version: default
 - os: ubuntu-latest
@@ -88,15 +88,12 @@ jobs:
 id: init
 with:
 db-location: ${{ runner.temp }}/customDbLocation
- # Swift is not supported on Ubuntu or codeql 2.14 so we manually exclude it from the list here
- languages: ${{ (runner.os == 'Linux' || (runner.os == 'macOS' && matrix.version
- == 'stable-v2.14.6')) && 'cpp,csharp,go,java,javascript,python,ruby' ||
- '' }}
+ languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby'
+ || '' }}
 tools: ${{ steps.prepare-test.outputs.tools-url }}
 - uses: ./../action/.github/actions/setup-swift
- # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
- if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+ if: runner.os == 'macOS'
 with:
 codeql-path: ${{ steps.init.outputs.codeql-path }}
@@ -149,8 +146,7 @@ jobs:
 fi
 - name: Check language autodetect for Swift on macOS
- # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
- if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+ if: runner.os == 'macOS'
 shell: bash
 run: |
 SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml
index 348246c164..a8cf710085 100644
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -22,11 +22,11 @@ jobs:
 fail-fast: false
 matrix:
 version:
- - stable-v2.14.6
 - stable-v2.15.5
 - stable-v2.16.6
 - stable-v2.17.6
 - stable-v2.18.4
+ - stable-v2.19.4
 - default
 - linked
 - nightly-latest
@@ -71,7 +71,7 @@ jobs:
 - name: Check expected artifacts exist
 shell: bash
 run: |
- VERSIONS="stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 default linked nightly-latest"
+ VERSIONS="stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 stable-v2.19.4 default linked nightly-latest"
 LANGUAGES="cpp csharp go java javascript python"
 for version in $VERSIONS; do
 pushd "./my-debug-artifacts-${version//./}"
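Review bot: The `VERSIONS` string in the "Check expected artifacts exist" step of `debug-artifacts.yml` is a hand-maintained copy of the `matrix.version` list edited in the previous hunk, and nothing visible in either hunk ties the two together. This commit had to change both by hand; a later bump that touches only one of them would presumably either make `pushd` fail on a directory that was never produced or leave a version's artifacts unchecked. Consider a comment above the assignment such as `# Keep in sync with strategy.matrix.version above`. The step's `run:` script and the job itself continue outside the hunk.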
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 343e6a8eef..ddc1223496 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 ## [UNRELEASED]
-No user facing changes.
+- Bump the minimum CodeQL bundle version to 2.15.5. [#2655](https://github.com/github/codeql-action/pull/2655)
 ## 3.27.9 - 12 Dec 2024
diff --git a/README.md b/README.md
index 429c3ac66e..a32bf37bf6 100644
--- a/README.md
+++ b/README.md
@@ -81,9 +81,8 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 | `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
 | `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
 | `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
-| `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | Supports CodeQL Action v3, but did not ship with CodeQL Action v3. For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311)." |
-CodeQL Action v2 will stop receiving updates when GHES 3.11 is deprecated.
+CodeQL Action v2 has stopped receiving updates now that GHES 3.11 is deprecated.
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
diff --git a/lib/codeql.js b/lib/codeql.js
index 15609dd8b1..2b4f017c04 100644
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -75,19 +75,19 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.14.6";
+const CODEQL_MINIMUM_VERSION = "2.15.5";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index 850e3ca8cf..67fa688f91 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "codeql",
- "version": "3.27.10",
+ "version": "3.28.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
diff --git a/package-lock.json b/package-lock.json
index b6b4791df5..83ee1835a6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "codeql",
- "version": "3.27.10",
+ "version": "3.28.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "codeql",
- "version": "3.27.10",
+ "version": "3.28.0",
 "license": "MIT",
 "dependencies": {
 "@actions/artifact": "^2.1.9",
diff --git a/package.json b/package.json
index e625f3e06f..bcb33a8c73 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "codeql",
- "version": "3.27.10",
+ "version": "3.28.0",
 "private": true,
 "description": "CodeQL action",
 "scripts": {
diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml
index 1bb2ad4258..24049fb723 100644
--- a/pr-checks/checks/multi-language-autodetect.yml
+++ b/pr-checks/checks/multi-language-autodetect.yml
@@ -10,13 +10,11 @@ steps:
 id: init
 with:
 db-location: "${{ runner.temp }}/customDbLocation"
- # Swift is not supported on Ubuntu or codeql 2.14 so we manually exclude it from the list here
- languages: ${{ (runner.os == 'Linux' || (runner.os == 'macOS' && matrix.version == 'stable-v2.14.6')) && 'cpp,csharp,go,java,javascript,python,ruby' || '' }}
+ languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby' || '' }}
 tools: ${{ steps.prepare-test.outputs.tools-url }}
 - uses: ./../action/.github/actions/setup-swift
- # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
- if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+ if: runner.os == 'macOS'
 with:
 codeql-path: ${{ steps.init.outputs.codeql-path }}
@@ -69,8 +67,7 @@ steps:
 fi
 - name: Check language autodetect for Swift on macOS
- # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
- if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+ if: runner.os == 'macOS'
 shell: bash
 run: |
 SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
diff --git a/pr-checks/sync.py b/pr-checks/sync.py
index 7b3a194352..d16ae4551d 100755
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@@ -9,8 +9,6 @@
 # The default set of CodeQL Bundle versions to use for the PR checks.
 defaultTestVersions = [
 # The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
- "stable-v2.14.6",
- # The last CodeQL release in the 2.15 series.
 "stable-v2.15.5",
 # The last CodeQL release in the 2.16 series.
 "stable-v2.16.6",
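Review bot: The first hunk of `pr-checks/checks/multi-language-autodetect.yml` deletes the whole comment above `languages:`, but only its "codeql 2.14" half is obsolete. The new expression still substitutes a Swift-less language list when `runner.os == 'Linux'`, and after this change nothing on the page explains why. Suggest keeping a trimmed comment above the `languages:` line, `# Swift is not supported on Ubuntu so we manually exclude it from the list here`. The `with:` block starts outside the hunk; the copy in `.github/workflows/__multi-language-autodetect.yml` has the same gap.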
@@ -18,6 +16,8 @@
 "stable-v2.17.6",
 # The last CodeQL release in the 2.18 series.
 "stable-v2.18.4",
+ # The last CodeQL release in the 2.19 series.
+ "stable-v2.19.4",
 # The default version of CodeQL for Dotcom, as determined by feature flags.
 "default",
 # The version of CodeQL shipped with the Action in `defaults.json`. During the release process
diff --git a/src/codeql.ts b/src/codeql.ts
index 486c2d637a..492654dd7a 100644
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -276,22 +276,22 @@ let cachedCodeQL: CodeQL | undefined = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.14.6";
+const CODEQL_MINIMUM_VERSION = "2.15.5";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
From beed6ff2e94aa8b13c7e8c50b7cb642f82855e37 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 16 Dec 2024 16:19:33 -0800
Subject: [PATCH 2/2] Change codeql version used in test
---
 .../workflows/__go-indirect-tracing-workaround-diagnostic.yml | 2 +-
 .../__go-indirect-tracing-workaround-no-file-program.yml | 2 +-
 .github/workflows/__go-indirect-tracing-workaround.yml | 2 +-
 pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml | 2 +-
 .../checks/go-indirect-tracing-workaround-no-file-program.yml | 2 +-
 pr-checks/checks/go-indirect-tracing-workaround.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
index 1726950ad6..2f7caf34b7 100644
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -28,7 +28,7 @@ jobs:
 matrix:
 include:
 - os: ubuntu-latest
- version: stable-v2.14.6
+ version: default
 name: 'Go: diagnostic when Go is changed after init step'
 permissions:
 contents: read
diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
index a1d1aa24d1..03d48d86d0 100644
--- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -28,7 +28,7 @@ jobs:
 matrix:
 include:
 - os: ubuntu-latest
- version: stable-v2.14.6
+ version: default
 name: 'Go: diagnostic when `file` is not installed'
 permissions:
 contents: read
diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml
index 9f7e06e59e..b5924bca17 100644
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -28,7 +28,7 @@ jobs:
 matrix:
 include:
 - os: ubuntu-latest
- version: stable-v2.14.6
+ version: default
 name: 'Go: workaround for indirect tracing'
 permissions:
 contents: read
diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml
index 39966b52cd..0638262bfe 100644
--- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml
+++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml
@@ -3,7 +3,7 @@ description: "Checks that we emit a diagnostic if Go is changed after the init s
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
 - uses: actions/setup-go@v5
 with:
diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
index 8f90bbde57..e7e6ee9a0a 100644
--- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
+++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
@@ -3,7 +3,7 @@ description: "Checks that we emit a diagnostic if the `file` program is not inst
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
 - uses: actions/setup-go@v5
 with:
diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml
index 14dfb39985..fff42da97a 100644
--- a/pr-checks/checks/go-indirect-tracing-workaround.yml
+++ b/pr-checks/checks/go-indirect-tracing-workaround.yml
@@ -3,7 +3,7 @@ description: "Checks that our workaround for indirect tracing for Go 1.21+ on Li
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
 - uses: actions/setup-go@v5
 with:
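Review bot: The context comment directly above the changed line still reads `# pinned to a version which does not support statically linked binaries for indirect tracing`, but `versions: ["default"]` is no longer a pin and presumably does support them. If so, this check may no longer reach the workaround path it was written to exercise and could pass without testing it. The same stale comment sits above the identical change in `go-indirect-tracing-workaround-diagnostic.yml` and `go-indirect-tracing-workaround-no-file-program.yml`. Suggest replacing the comment in all three with one that states what the check now covers, for example `# previously pinned to stable-v2.14.6 (no statically linked binaries for indirect tracing); now runs on the default version`, and confirming the checks still assert something meaningful. The `steps:` list continues outside the hunk.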