diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 384d2dca48..6ed442b27f 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: all-platform-bundle: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: All-platform bundle permissions: contents: read 
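Review bot: The new `schedule` trigger in the `on:` hunk of `__all-platform-bundle.yml` has no comment saying why it exists or which ref it covers. The same `cron: '0 5 * * *'` is added to the `on:` hunk of every other workflow in this diff (`__analyze-ref-input.yml` through `__config-input.yml`). Scheduled runs use the latest commit on the default branch only, so the `releases/v*` branches listed under `push` are not exercised by it, and all of these jobs queue at the same minute. A comment above the trigger would record the intent, for example `# Daily run on the default branch so a broken nightly-latest bundle is noticed without a push`; that wording is a guess at the purpose. If these `__`-prefixed files are generated, the comment belongs in the generator template rather than here.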
@@ -34,44 +36,44 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'true' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - id: init - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'true' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - id: init + uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift 
+ with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 6850a63ab1..8ac1b03a44 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: analyze-ref-input: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default name: "Analyze: 'ref' and 'sha' from inputs" permissions: contents: read 
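Review bot: In the steps hunk of `__all-platform-bundle.yml`, the "Set environment variable for Swift enablement" step tests `matrix.version == '20221211'`, while the Setup Python step above it spells the same bundle `stable-20221211`. The matrix in this file only holds `nightly-latest`, so the step appears unable to run. If it is still needed, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; otherwise the step can be removed. The identical line appears in the steps hunk of every other workflow in this diff, and none of the matrices shown contains a `20221211` entry. The block continues outside what is visible here, so confirm against the full file or its generator.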
@@ -38,45 +40,45 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + 
with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 84a0d95055..067800b3df 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: autobuild-action: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest name: autobuild-action permissions: contents: read 
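Review bot: The third-party steps in the steps hunk of `__analyze-ref-input.yml` are referenced by mutable tag (`actions/setup-python@v5`, `actions/checkout@v4`), and with the new daily schedule they now run unattended against whatever those tags point to that day. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, makes the scheduled runs reproducible and removes the dependency on tag integrity. The job-level `permissions: contents: read` visible in the preceding hunk already limits what a changed action could do with the token. The same applies to these two steps in the other workflows of this diff, and to `actions/upload-artifact@v3` and `actions/github-script@v7` in `__config-export.yml`.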
@@ -38,55 +40,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: csharp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - env: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: csharp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + env: # Explicitly disable the CLR tracer. 
- COR_ENABLE_PROFILING: '' - COR_PROFILER: '' - COR_PROFILER_PATH_64: '' - CORECLR_ENABLE_PROFILING: '' - CORECLR_PROFILER: '' - CORECLR_PROFILER_PATH_64: '' - - uses: ./../action/analyze - with: - upload-database: false - - name: Check database - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d csharp ]]; then - echo "Did not find a C# database" - exit 1 - fi + COR_ENABLE_PROFILING: '' + COR_PROFILER: '' + COR_PROFILER_PATH_64: '' + CORECLR_ENABLE_PROFILING: '' + CORECLR_PROFILER: '' + CORECLR_PROFILER_PATH_64: '' + - uses: ./../action/analyze + with: + upload-database: false + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d csharp ]]; then + echo "Did not find a C# database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 288eda9129..fee121d96b 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-autobuild: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode autobuild permissions: contents: read 
@@ -34,55 +36,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Java test repo configuration - run: | - mv * .github ../action/tests/multi-language-repo/ - mv ../action/tests/multi-language-repo/.github/workflows .github - mv ../action/tests/java-repo/* . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Java test repo configuration + run: | + mv * .github ../action/tests/multi-language-repo/ + mv ../action/tests/multi-language-repo/.github/workflows .github + mv ../action/tests/java-repo/* . 
- - uses: ./../action/init - id: init - with: - build-mode: autobuild - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + id: init + with: + build-mode: autobuild + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "autobuild" ]]; then - echo "Expected build mode to be 'autobuild' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "autobuild" ]]; then + echo "Expected build mode to be 'autobuild' but was $build_mode" + exit 1 + fi - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index e762952512..fb67bdefa0 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-manual: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode manual permissions: contents: read 
@@ -34,57 +36,57 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - build-mode: manual - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + build-mode: manual + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - 
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "manual" ]]; then - echo "Expected build mode to be 'manual' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "manual" ]]; then + echo "Expected build mode to be 'manual' but was $build_mode" + exit 1 + fi - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 66dd220dde..b9530efdf8 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -11,24 +11,26 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-none: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: nightly-latest name: Build mode none permissions: contents: read 
@@ -36,53 +38,53 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - build-mode: none - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + build-mode: none + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - 
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "none" ]]; then - echo "Expected build mode to be 'none' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "none" ]]; then + echo "Expected build mode to be 'none' but was $build_mode" + exit 1 + fi # The latest nightly supports omitting the autobuild Action when the build mode is specified. - - uses: ./../action/autobuild - if: matrix.version != 'nightly-latest' + - uses: ./../action/autobuild + if: matrix.version != 'nightly-latest' - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index f44ce2da54..5108f15bdb 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-rollback: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode rollback permissions: contents: read 
@@ -34,56 +36,56 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Java test repo configuration - run: | - mv * .github ../action/tests/multi-language-repo/ - mv ../action/tests/multi-language-repo/.github/workflows .github - mv ../action/tests/java-repo/* . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Java test repo configuration + run: | + mv * .github ../action/tests/multi-language-repo/ + mv ../action/tests/multi-language-repo/.github/workflows .github + mv ../action/tests/java-repo/* . 
- - uses: ./../action/init - id: init - with: - build-mode: none - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + id: init + with: + build-mode: none + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "autobuild" ]]; then - echo "Expected build mode to be 'autobuild' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "autobuild" ]]; then + echo "Expected build mode to be 'autobuild' but was $build_mode" + exit 1 + fi - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index eeac29f05b..5862b7ffe6 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml 
@@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: config-export: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Config export permissions: contents: read 
@@ -44,72 +46,72 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: javascript - queries: security-extended - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check config properties appear in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif - with: - script: | - const fs = require('fs'); + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment 
variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: javascript + queries: security-extended + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check config properties appear in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; - const configSummary = run.properties.codeqlConfigSummary; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; + const configSummary = run.properties.codeqlConfigSummary; - if (configSummary === undefined) { - core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); - } - if (configSummary.disableDefaultQueries !== false) { - core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + - `${JSON.stringify(configSummary.disableDefaultQueries)}.`); - } - const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; - // Use JSON.stringify to deep-equal the arrays. 
- if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { - core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + - `${JSON.stringify(configSummary.queries)}.`); - } - core.info('Finished config export tests.'); + if (configSummary === undefined) { + core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); + } + if (configSummary.disableDefaultQueries !== false) { + core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + + `${JSON.stringify(configSummary.disableDefaultQueries)}.`); + } + const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; + // Use JSON.stringify to deep-equal the arrays. + if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { + core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + + `${JSON.stringify(configSummary.queries)}.`); + } + core.info('Finished config export tests.'); env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 2e3b086085..8dd0806f10 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: config-input: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Config input permissions: contents: read 
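Review bot: In the "Check config properties appear in SARIF" script of `__config-export.yml`, the `configSummary === undefined` branch calls `core.setFailed(...)` but does not stop. The next statement then reads `configSummary.disableDefaultQueries` and throws a TypeError, so the log shows that error rather than the intended message. A SARIF run without a `properties` bag would throw one line earlier for the same reason. Adding `return;` after the first `core.setFailed(...)` and reading the value as `const configSummary = run.properties?.codeqlConfigSummary;` keeps the failure message meaningful. The step fails either way, so this affects diagnosability rather than the test verdict.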
@@ -34,59 +36,59 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Copy queries into workspace - run: | - cp -a ../action/queries . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Copy queries into workspace + run: | + cp -a ../action/queries . 
- - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: javascript - build-mode: none - config: | - disable-default-queries: true - queries: - - name: Run custom query - uses: ./queries/default-setup-environment-variables.ql - paths-ignore: - - tests - - lib + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: javascript + build-mode: none + config: | + disable-default-queries: true + queries: + - name: Run custom query + uses: ./queries/default-setup-environment-variables.ql + paths-ignore: + - tests + - lib - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results - - name: Check SARIF - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: javascript/codeql-action/default-setup-env-vars - queries-not-run: javascript/codeql-action/default-setup-context-properties + - name: Check SARIF + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: javascript/codeql-action/default-setup-env-vars + queries-not-run: javascript/codeql-action/default-setup-context-properties env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index d68c72101a..1a5efd492b 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml 
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-disabled: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: 'C/C++: disabling autoinstalling dependencies (Linux)' permissions: contents: read 
@@ -38,51 +40,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash - run: | - if ls /usr/bin/errno; then - echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false + - shell: bash + run: | + if ls /usr/bin/errno; then + echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 1f86c061aa..65b47f2e5d 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-enabled-on-macos: strategy: matrix: include: - - os: macos-latest - version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'C/C++: autoinstalling dependencies is skipped (macOS)' permissions: contents: read 
@@ -34,53 +36,53 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | - if ! 
ls /usr/bin/errno; then - echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" - else - echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true + - shell: bash + run: | + if ! ls /usr/bin/errno; then + echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" + else + echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index ba99f61f1d..c4e9ddeb6c 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml 
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-enabled: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: 'C/C++: autoinstalling dependencies (Linux)' permissions: contents: read 
@@ -38,51 +40,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | - if ! 
ls /usr/bin/errno; then - echo "Did not autoinstall errno" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true + - shell: bash + run: | + if ! ls /usr/bin/errno; then + echo "Did not autoinstall errno" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 47983a3081..b39122cb5e 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml 
@@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diagnostics-export: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20230317 - - os: macos-latest - version: stable-20230317 - - os: windows-latest - version: stable-20230317 - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20230317 + - os: macos-latest + version: stable-20230317 + - os: windows-latest + version: stable-20230317 + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Diagnostic export permissions: contents: read 
@@ -50,113 +52,113 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Add test diagnostics - shell: bash - env: - CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} - run: | - for i in {1..2}; do - # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that - # produces an invalid diagnostic with multiple identical location objects. 
- "$CODEQL_PATH" database add-diagnostic \ - "$RUNNER_TEMP/codeql_databases/javascript" \ - --file-path /path/to/file \ - --plaintext-message "Plaintext message $i" \ - --source-id "lang/diagnostics/example" \ - --source-name "Diagnostic name" \ - --ready-for-status-page - done - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check diagnostics appear in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif - with: - script: | - const fs = require('fs'); + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Add test diagnostics + shell: bash + env: + CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} + run: | + for i in {1..2}; do + # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that + # produces an invalid diagnostic with multiple identical location objects. 
+ "$CODEQL_PATH" database add-diagnostic \ + "$RUNNER_TEMP/codeql_databases/javascript" \ + --file-path /path/to/file \ + --plaintext-message "Plaintext message $i" \ + --source-id "lang/diagnostics/example" \ + --source-name "Diagnostic name" \ + --ready-for-status-page + done + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check diagnostics appear in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); - function checkStatusPageNotification(n) { - const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.'; - if (n.message.text !== expectedMessage) { - core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`); + function checkStatusPageNotification(n) { + const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. 
See the workflow log for details.'; + if (n.message.text !== expectedMessage) { + core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`); + } + if (n.locations.length !== 1) { + core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); + } } - if (n.locations.length !== 1) { - core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); - } - } - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; - const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; - const statusPageNotifications = toolExecutionNotifications.filter(n => - n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage - ); - if (statusPageNotifications.length !== 1) { - core.setFailed( - 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + - `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + - `${statusPageNotifications.length}. All notification reporting descriptors: ` + - `${JSON.stringify(toolExecutionNotifications)}.` + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const statusPageNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage ); - } - checkStatusPageNotification(statusPageNotifications[0]); + if (statusPageNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${statusPageNotifications.length}. 
All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } + checkStatusPageNotification(statusPageNotifications[0]); - const notifications = run.tool.driver.notifications; - const diagnosticNotification = notifications.filter(n => - n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' && - n.fullDescription.text === 'Diagnostic name' - ); - if (diagnosticNotification.length !== 1) { - core.setFailed( - 'Expected exactly one notification for this diagnostic in the ' + - `'runs[].tool.driver.notifications[]' SARIF property, but found ` + - `${diagnosticNotification.length}. All notifications: ` + - `${JSON.stringify(notifications)}.` + const notifications = run.tool.driver.notifications; + const diagnosticNotification = notifications.filter(n => + n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' && + n.fullDescription.text === 'Diagnostic name' ); - } + if (diagnosticNotification.length !== 1) { + core.setFailed( + 'Expected exactly one notification for this diagnostic in the ' + + `'runs[].tool.driver.notifications[]' SARIF property, but found ` + + `${diagnosticNotification.length}. All notifications: ` + + `${JSON.stringify(notifications)}.` + ); + } - core.info('Finished diagnostic export test'); + core.info('Finished diagnostic export test'); env: CODEQL_ACTION_EXPORT_DIAGNOSTICS: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index c395a5655d..8206163f4a 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml 
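Review bot: In the `Check diagnostics appear in SARIF` script, `core.setFailed` only records the failure and does not stop the script, so when `statusPageNotifications.length !== 1` the next statement still calls `checkStatusPageNotification(statusPageNotifications[0])`. With zero matches that argument is `undefined` and `n.message.text` throws, so the log ends with a TypeError alongside the descriptive message. Adding `return;` after the `core.setFailed(...)` call in that branch keeps the failure readable. The config-export script earlier on this page has the same shape: `configSummary === undefined` is reported and then `configSummary.disableDefaultQueries` is read anyway.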
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: export-file-baseline-information: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Export file baseline information permissions: contents: read 
@@ -38,72 +40,72 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - expected_baseline_languages="c csharp go java kotlin javascript python ruby" - if [[ $RUNNER_OS != "Windows" ]]; then - expected_baseline_languages+=" swift" - fi - - for lang in ${expected_baseline_languages}; do - rule_name="cli/expected-extracted-files/${lang}" - found_notification=$(jq --arg 
rule_name "${rule_name}" '[.runs[0].tool.driver.notifications | - select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif) - if [[ "${found_notification}" != "true" ]]; then - echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification." - exit 1 - else - echo "Found notification '${rule_name}'." + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + expected_baseline_languages="c csharp go java kotlin javascript python ruby" + if [[ $RUNNER_OS != "Windows" ]]; then + expected_baseline_languages+=" swift" fi - done + + for lang in ${expected_baseline_languages}; do + rule_name="cli/expected-extracted-files/${lang}" + found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications | + select(. != null) | flatten | .[].id] | any(. 
== $rule_name)' javascript.sarif) + if [[ "${found_notification}" != "true" ]]; then + echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification." + exit 1 + else + echo "Found notification '${rule_name}'." + fi + done env: CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 5823fa50ad..17450c0321 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: extractor-ram-threads: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Extractor ram and threads options test permissions: contents: read 
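Review bot: The `Upload SARIF` step in `__export-file-baseline-information.yml` references `actions/upload-artifact@v3`, a major version GitHub has deprecated in favour of v4, and does so through a tag that can be moved rather than a commit. I would change it to `uses: actions/upload-artifact@<full-commit-sha> # v4` (placeholder; take the SHA from the release you audit). The artifact name already includes `matrix.os` and `matrix.version`, which looks sufficient for v4's rule that names be unique within a run. The same step appears in the diagnostics-export and config-export hunks; if these `__`-prefixed workflows are generated, the change belongs in the generator rather than here.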
@@ -34,55 +36,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: java - ram: 230 - threads: 1 - - name: Assert Results - shell: bash - run: | - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set 
environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: java + ram: 230 + threads: 1 + - name: Assert Results + shell: bash + run: | + if [ "${CODEQL_RAM}" != "230" ]; then + echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then + echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_THREADS}" != "1" ]; then + echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then + echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index d8db274075..be2169b41c 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml 
@@ -11,62 +11,64 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-custom-queries: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: windows-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: windows-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: windows-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: windows-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: windows-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: windows-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: windows-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: 
windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Go: Custom queries' permissions: contents: read 
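Review bot: The new `schedule:` trigger carries no comment saying why a nightly run is wanted, and it does not behave like the `push` trigger beside it: scheduled runs start only from the default branch, so `releases/v*` is not exercised by the cron. Every workflow in this diff gets the same `cron: '0 5 * * *'`, which queues all their matrices (21 cells for this file alone) at the top of the same hour, a time GitHub documents as prone to delayed scheduled runs. I would add a line above it such as `# Nightly run on the default branch only; release branches are covered by push` and consider an off-the-hour minute. The same applies to the trigger hunks of the other workflows on this page.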
@@ -74,43 +76,43 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: go - config-file: ./.github/codeql/custom-queries.yml - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: go + config-file: ./.github/codeql/custom-queries.yml + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: 
./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 19b5744110..cc3541630a 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-indirect-tracing-workaround-diagnostic: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.14.6 + - os: ubuntu-latest + version: stable-v2.14.6 name: 'Go: diagnostic when Go is changed after init step' permissions: contents: read 
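Review bot: `actions/setup-python@v5` and `actions/checkout@v4` in this step list are referenced by a movable tag, so the code these jobs execute can change without any commit in this repository. With the new nightly trigger, such a change would be picked up unattended. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder; take the SHA from the release you reviewed), makes runs reproducible and lets an update bot propose bumps. `actions/setup-go@v5` and `actions/github-script@v7` in the later hunks are written the same way. The job definition starts outside this hunk.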
@@ -34,73 +36,73 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: # We need a Go version that ships with statically linked binaries on Linux - go-version: '>=1.21.0' - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} + go-version: '>=1.21.0' + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} # Deliberately change Go after the `init` step - - uses: 
actions/setup-go@v5 - with: - go-version: '1.20' - - name: Build code - shell: bash - run: go build main.go - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Check diagnostic appears in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/go.sarif - with: - script: | - const fs = require('fs'); + - uses: actions/setup-go@v5 + with: + go-version: '1.20' + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Check diagnostic appears in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/go.sarif + with: + script: | + const fs = require('fs'); - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; - const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; - const statusPageNotifications = toolExecutionNotifications.filter(n => - n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage - ); - if (statusPageNotifications.length !== 1) { - core.setFailed( - 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + - `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + - `${statusPageNotifications.length}. 
All notification reporting descriptors: ` + - `${JSON.stringify(toolExecutionNotifications)}.` + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const statusPageNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage ); - } + if (statusPageNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${statusPageNotifications.length}. All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 11c164fa59..3dd584fc16 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-indirect-tracing-workaround: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.14.6 + - os: ubuntu-latest + version: stable-v2.14.6 name: 'Go: workaround for indirect tracing' permissions: contents: read 
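Review bot: In the "Check diagnostic appears in SARIF" script the filter reads `n.descriptor.id` without a guard, although the same expression already uses optional chaining for `n.properties?.visibility?.statusPage`. `sarif.runs[0]` and `run.invocations[0]` are also indexed unconditionally. A SARIF file with an empty `runs` or `invocations` array, or a single notification without `descriptor`, would end the step with a TypeError instead of the descriptive `core.setFailed` message. I would write `n.descriptor?.id === 'go/workflow/go-installed-after-codeql-init'` in the filter and default the list with `const toolExecutionNotifications = run?.invocations?.[0]?.toolExecutionNotifications ?? [];`.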
@@ -34,71 +36,71 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: # We need a Go version that ships with statically linked binaries on Linux - go-version: '>=1.21.0' - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: go build main.go - - uses: ./../action/analyze - with: - upload-database: false - - shell: bash - run: | - if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; 
then - echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ - "CODEQL_ACTION_GO_BINARY environment variable is not set." - exit 1 - fi - if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then - echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." - exit 1 - fi + go-version: '>=1.21.0' + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then + echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ + "CODEQL_ACTION_GO_BINARY environment variable is not set." + exit 1 + fi + if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then + echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." + exit 1 + fi - # Once we start running Bash 4.2 in all environments, we can replace the - # `! -z` flag with the more elegant `-v` which confirms that the variable - # is actually unset and not potentially set to a blank value. - if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then - echo "Expected the Go autobuilder not to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + # Once we start running Bash 4.2 in all environments, we can replace the + # `! -z` flag with the more elegant `-v` which confirms that the variable + # is actually unset and not potentially set to a blank value. + if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then + echo "Expected the Go autobuilder not to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! 
-d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 5f1c28df3d..14bc3d00ed 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml 
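Review bot: The last step of this hunk is declared as a bare `- shell: bash` with no `name:`, so a failure is listed in the run under the first line of the script rather than under what is being asserted. Something like `name: Check that the indirect tracing workaround was applied` would make the nightly results easier to triage. Separately, the in-script comment says `-v` "confirms that the variable is actually unset", but `-v` tests that a variable is set, and the `! -z` used meanwhile is simply `-n`. I would reword it to `# With Bash 4.2+ everywhere, use [[ -v VAR ]] to also catch a variable that is set but empty.` The unnamed assertion steps in the go-tracing-autobuilder, go-tracing-custom-build-steps and go-tracing-legacy-workflow hunks have the same shape.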
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-autobuilder: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with autobuilder step' permissions: contents: read 
@@ -60,58 +62,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - - uses: ./../action/analyze - with: - 
upload-database: false - - shell: bash - run: | - if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then - echo "Expected the Go autobuilder to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then + echo "Expected the Go autobuilder to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 7d55eaa069..e86ed18e44 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml 
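Review bot: `go-version: ~1.22.0` is left as a plain scalar in this hunk, whereas the go-indirect-tracing workflows in the same diff quote their values (`'>=1.21.0'`, `'1.20'`). It parses as a string today, but writing `go-version: '~1.22.0'` keeps the files consistent. Quoting also protects a later edit to a value such as `1.20`, which unquoted would be read as the float 1.2 and select a different toolchain. The same line appears in the go-tracing-custom-build-steps and go-tracing-legacy-workflow hunks.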
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-custom-build-steps: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with custom build steps' permissions: contents: read 
@@ -60,62 +62,62 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: go build main.go - - uses: 
./../action/analyze - with: - upload-database: false - - shell: bash - run: | - # Once we start running Bash 4.2 in all environments, we can replace the - # `! -z` flag with the more elegant `-v` which confirms that the variable - # is actually unset and not potentially set to a blank value. - if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then - echo "Expected the Go autobuilder not to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + # Once we start running Bash 4.2 in all environments, we can replace the + # `! -z` flag with the more elegant `-v` which confirms that the variable + # is actually unset and not potentially set to a blank value. + if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then + echo "Expected the Go autobuilder not to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index a1e9bb5cee..05451817a8 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-legacy-workflow: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with legacy workflow' permissions: contents: read 
@@ -60,52 +62,52 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false - - shell: bash 
- run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 6e41cf0a00..d083c5d730 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: init-with-registries: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Download using registries' permissions: contents: read 
@@ -51,94 +53,94 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Init with registries - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - config-file: ./.github/codeql/codeql-config-registries.yml - languages: javascript - registries: | - - url: "https://ghcr.io/v2/" - packages: "*/*" - token: "${{ secrets.GITHUB_TOKEN }}" + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Init with registries + uses: ./../action/init + with: + db-location: ${{ runner.temp }}/customDbLocation 
+ tools: ${{ steps.prepare-test.outputs.tools-url }} + config-file: ./.github/codeql/codeql-config-registries.yml + languages: javascript + registries: | + - url: "https://ghcr.io/v2/" + packages: "*/*" + token: "${{ secrets.GITHUB_TOKEN }}" - - name: Verify packages installed - shell: bash - run: | - PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" - CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" + - name: Verify packages installed + shell: bash + run: | + PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" + CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" - if [[ -d $PRIVATE_PACK ]] - then - echo "$PRIVATE_PACK was installed." - else - echo "::error $PRIVATE_PACK pack was not installed." - exit 1 - fi + if [[ -d $PRIVATE_PACK ]] + then + echo "$PRIVATE_PACK was installed." + else + echo "::error $PRIVATE_PACK pack was not installed." + exit 1 + fi - if [[ -d $CODEQL_PACK1 ]] - then - echo "$CODEQL_PACK1 was installed." - else - echo "::error $CODEQL_PACK1 pack was not installed." - exit 1 - fi + if [[ -d $CODEQL_PACK1 ]] + then + echo "$CODEQL_PACK1 was installed." + else + echo "::error $CODEQL_PACK1 pack was not installed." + exit 1 + fi - - name: Verify qlconfig.yml file was created - shell: bash - run: | - QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml - echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" - if [[ -f $QLCONFIG_PATH ]] - then - echo "qlconfig.yml file was created." - else - echo "::error qlconfig.yml file was not created." - exit 1 - fi + - name: Verify qlconfig.yml file was created + shell: bash + run: | + QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml + echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" + if [[ -f $QLCONFIG_PATH ]] + then + echo "qlconfig.yml file was created." + else + echo "::error qlconfig.yml file was not created." 
+ exit 1 + fi - - name: Verify contents of qlconfig.yml + - name: Verify contents of qlconfig.yml # yq is not available on windows - if: runner.os != 'Windows' - shell: bash - run: | - QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml - cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' - if [[ $? -eq 0 ]] - then - echo "Registry was added to qlconfig.yml file." - else - echo "::error Registry was not added to qlconfig.yml file." - echo "Contents of qlconfig.yml file:" - cat $QLCONFIG_PATH - exit 1 - fi + if: runner.os != 'Windows' + shell: bash + run: | + QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml + cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' + if [[ $? -eq 0 ]] + then + echo "Registry was added to qlconfig.yml file." + else + echo "::error Registry was not added to qlconfig.yml file." + echo "Contents of qlconfig.yml file:" + cat $QLCONFIG_PATH + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index f87d5f9d2b..94b8d5110e 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: javascript-source-root: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: Custom source root permissions: contents: read 
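Review bot: In "Verify contents of qlconfig.yml" the `if [[ $? -eq 0 ]]` test after the `cat $QLCONFIG_PATH | yq -e …` pipeline cannot reach its `else` branch, because with `shell: bash` GitHub Actions runs the script with `-eo pipefail` and a non-zero exit from `yq -e` ends the step on that line. The step still fails, but the error message and the dump of the file that are meant to explain the failure are never printed. Testing the command directly keeps them reachable and quotes the path: `if yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' "$QLCONFIG_PATH"; then`. The `::error …` lines in this hunk also appear to lack the second `::` of the `::error::message` workflow-command form, so they may be logged as plain text rather than as annotations.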
@@ -38,54 +40,54 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Move codeql-action - shell: bash - run: | - mkdir ../new-source-root - mv * ../new-source-root - - uses: ./../action/init - with: - languages: javascript - source-root: ../new-source-root - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false - skip-queries: true - upload: never - - name: Assert database exists - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! 
-d javascript ]]; then - echo "Did not find a JavaScript database" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Move codeql-action + shell: bash + run: | + mkdir ../new-source-root + mv * ../new-source-root + - uses: ./../action/init + with: + languages: javascript + source-root: ../new-source-root + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false + skip-queries: true + upload: never + - name: Assert database exists + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d javascript ]]; then + echo "Did not find a JavaScript database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index c796fdc72f..70965097e5 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: language-aliases: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Language aliases permissions: contents: read 
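Review bot: `actions/setup-python@v5` and `actions/checkout@v4` are referenced by mutable tags, so the code that runs in this job can change without any change to this file. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real hash), makes the dependency reviewable. The same applies to `actions/setup-go@v5` and to the other steps hunks in this diff. The `permissions:` block visible in the preceding hunk shows at least `contents: read`, which already narrows what a changed action could do with the token.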
@@ -34,46 +36,46 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: C#,java-kotlin,swift,typescript - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: C#,java-kotlin,swift,typescript + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Check languages - run: | - expected_languages="csharp,java,swift,javascript" - actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) + - name: Check languages + run: | + 
expected_languages="csharp,java,swift,javascript" + actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) - if [ "$expected_languages" != "$actual_languages" ]; then - echo "Resolved languages did not match expected list. " \ - "Expected languages: $expected_languages. Actual languages: $actual_languages." - exit 1 - fi + if [ "$expected_languages" != "$actual_languages" ]; then + echo "Resolved languages did not match expected list. " \ + "Expected languages: $expected_languages. Actual languages: $actual_languages." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 0385d67f02..174740ea81 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: multi-language-autodetect: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Multi-language repository permissions: contents: read 
@@ -60,100 +62,100 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + 
codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false + - uses: ./../action/analyze + id: analysis + with: + upload-database: false - - name: Check language autodetect for all languages excluding Swift - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." 
- exit 1 - fi - RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} - if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Ruby, or created it in the wrong location." - exit 1 - fi + - name: Check language autodetect for all languages excluding Swift + shell: bash + run: | + CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} + if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for CPP, or created it in the wrong location." + exit 1 + fi + CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} + if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for C Sharp, or created it in the wrong location." + exit 1 + fi + GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} + if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Go, or created it in the wrong location." + exit 1 + fi + JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} + if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Java, or created it in the wrong location." + exit 1 + fi + JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} + if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Javascript, or created it in the wrong location." + exit 1 + fi + PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} + if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Python, or created it in the wrong location." 
+ exit 1 + fi + RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} + if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Ruby, or created it in the wrong location." + exit 1 + fi - - name: Check language autodetect for Swift - if: >- - env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || - (runner.os != 'Windows' && matrix.version == 'nightly-latest') - shell: bash - run: | - SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} - if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Swift, or created it in the wrong location." - exit 1 - fi + - name: Check language autodetect for Swift + if: >- + env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || + (runner.os != 'Windows' && matrix.version == 'nightly-latest') + shell: bash + run: | + SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} + if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Swift, or created it in the wrong location." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 07f16ab32b..e36abefc29 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml 
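Review bot: Each `*_DB=${{ fromJson(steps.analysis.outputs.db-locations).<lang> }}` assignment, and the `${{ runner.temp }}/customDbLocation/*` pattern beside it, is expanded into the script text before bash parses it, and the assigned value is unquoted. A path containing a space or a shell metacharacter would then be read as script syntax rather than data. The value comes from the analyze step under test, so exposure is limited, but the check should not depend on that. Passing the output through the environment avoids it: add `env: DB_LOCATIONS: ${{ steps.analysis.outputs.db-locations }}` to the step, read each entry with `CPP_DB="$(jq -r '.cpp' <<<"$DB_LOCATIONS")"`, and compare against `"$RUNNER_TEMP"/customDbLocation/*`. The Swift check at the end of the hunk has the same shape.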
@@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-codescanning-config-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config and input passed to the CLI' permissions: contents: read 
@@ -50,67 +52,67 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging3.yml + packs: 
+codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 79a9034436..7b8d3746f1 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-config-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config and input' permissions: contents: read 
@@ -50,67 +52,67 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging3.yml + packs: 
+codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 8654b8eb8b..bf6b101349 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-config-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config file' permissions: contents: read 
@@ -50,66 +52,66 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging.yml - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging.yml + languages: javascript + tools: ${{ 
steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 079da18d20..fa0a5768c9 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Action input' permissions: contents: read 
@@ -50,66 +52,66 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging2.yml - languages: javascript - packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: 
.github/codeql/codeql-config-packaging2.yml + languages: javascript + packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index d0f0e0d83a..a46201f99b 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml 
@@ -11,62 +11,64 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: remote-config: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: windows-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: windows-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: windows-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: windows-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: windows-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: windows-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: windows-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + 
version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Remote config file permissions: contents: read 
@@ -74,41 +76,41 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python 
+ config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index e6d5a6f294..e3146aeb23 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -11,44 +11,46 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: resolve-environment-action: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.13.4 - - os: macos-latest - version: stable-v2.13.4 - - os: windows-latest - version: stable-v2.13.4 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-v2.13.4 + - os: macos-latest + version: stable-v2.13.4 + - os: windows-latest + version: stable-v2.13.4 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Resolve environment permissions: contents: read 
@@ -56,58 +58,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' - }} - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' + }} + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Resolve environment for Go - uses: ./../action/resolve-environment - id: resolve-environment-go 
- with: - language: go + - name: Resolve environment for Go + uses: ./../action/resolve-environment + id: resolve-environment-go + with: + language: go - - name: Fail if Go configuration missing - if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) - run: exit 1 + - name: Fail if Go configuration missing + if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) + run: exit 1 - - name: Resolve environment for JavaScript/TypeScript - if: matrix.version != 'stable-v2.13.4' - uses: ./../action/resolve-environment - id: resolve-environment-js - with: - language: javascript-typescript + - name: Resolve environment for JavaScript/TypeScript + if: matrix.version != 'stable-v2.13.4' + uses: ./../action/resolve-environment + id: resolve-environment-js + with: + language: javascript-typescript - - name: Fail if JavaScript/TypeScript configuration present - if: matrix.version != 'stable-v2.13.4' && - fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript - run: exit 1 + - name: Fail if JavaScript/TypeScript configuration present + if: matrix.version != 'stable-v2.13.4' && + fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript + run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 9017c3d9a1..41ebce88f7 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml 
@@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: rubocop-multi-language: strategy: matrix: include: - - os: ubuntu-latest - version: default + - os: ubuntu-latest + version: default name: RuboCop multi-language permissions: contents: read 
@@ -34,51 +36,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6 - - name: Install Code Scanning integration - shell: bash - run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - - name: Install dependencies - shell: bash - run: bundle install - - name: RuboCop run - shell: bash - run: | - bash -c " - bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif - [[ $? 
-ne 2 ]] - " - - uses: ./../action/upload-sarif - with: - sarif_file: rubocop.sarif + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.6 + - name: Install Code Scanning integration + shell: bash + run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install + - name: Install dependencies + shell: bash + run: bundle install + - name: RuboCop run + shell: bash + run: | + bash -c " + bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif + [[ $? -ne 2 ]] + " + - uses: ./../action/upload-sarif + with: + sarif_file: rubocop.sarif env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 2e48a2847d..6271415446 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml 
@@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: ruby: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Ruby analysis permissions: contents: read 
@@ -44,47 +46,47 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: ruby - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - name: Check database - shell: bash - run: | - RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" - if [[ ! -d "$RUBY_DB" ]]; then - echo "Did not create a database for Ruby." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: ruby + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - name: Check database + shell: bash + run: | + RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" + if [[ ! -d "$RUBY_DB" ]]; then + echo "Did not create a database for Ruby." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index 5ca51822fb..b7a737823f 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: scaling-reserved-ram: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Scaling reserved RAM permissions: contents: read 
@@ -60,50 +62,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + 
codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false + - uses: ./../action/analyze + id: analysis + with: + upload-database: false env: CODEQL_ACTION_SCALING_RESERVED_RAM: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 11820f6ddb..f65cf5884b 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: split-workflow: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Split workflow permissions: contents: read 
@@ -44,71 +46,71 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - skip-queries: true - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: 
.github/codeql/codeql-config-packaging3.yml + packs: +codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + skip-queries: true + output: ${{ runner.temp }}/results + upload-database: false - - name: Assert No Results - shell: bash - run: | - if [ "$(ls -A $RUNNER_TEMP/results)" ]; then - echo "Expected results directory to be empty after skipping query execution!" - exit 1 - fi - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert No Results + shell: bash + run: | + if [ "$(ls -A $RUNNER_TEMP/results)" ]; then + echo "Expected results directory to be empty after skipping query execution!" + exit 1 + fi + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index a50dc1aa92..c484810c8c 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: submit-sarif-failure: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: Submit SARIF after failure permissions: contents: read 
@@ -38,49 +40,49 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/checkout@v4 - - uses: ./init - with: - languages: javascript - - name: Fail + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/checkout@v4 + - uses: ./init + with: + languages: javascript + - name: Fail # We want this job to pass if the Action correctly uploads the SARIF file for # the failed run. # Setting this step to continue on error means that it is marked as completing # successfully, so will not fail the job. 
- continue-on-error: true - run: exit 1 - - uses: ./analyze + continue-on-error: true + run: exit 1 + - uses: ./analyze # In a real workflow, this step wouldn't run. Since we used `continue-on-error` # above, we manually disable it with an `if` condition. - if: false - with: - category: /test-codeql-version:${{ matrix.version }} + if: false + with: + category: /test-codeql-version:${{ matrix.version }} env: # Internal-only environment variable used to indicate that the post-init Action # should expect to upload a SARIF file for the failed run. diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 1643444139..4f4ff65eef 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: swift-custom-build: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Swift analysis using a custom build command permissions: contents: read 
@@ -44,58 +46,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: swift - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{steps.init.outputs.codeql-path}} - - name: Check working directory - shell: bash - run: pwd - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - name: Check database - shell: bash - run: | - SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" - if [[ ! -d "$SWIFT_DB" ]]; then - echo "Did not create a database for Swift." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: swift + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{steps.init.outputs.codeql-path}} + - name: Check working directory + shell: bash + run: pwd + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - name: Check database + shell: bash + run: | + SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" + if [[ ! -d "$SWIFT_DB" ]]; then + echo "Did not create a database for Swift." + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index 658f93e95a..d9db7683f4 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-autobuild-working-dir: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Autobuild working directory permissions: contents: read 
@@ -34,56 +36,56 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - # Make sure that Gradle build succeeds in autobuild-dir ... - cp -a ../action/tests/java-repo autobuild-dir - # ... and fails if attempted in the current directory - echo > build.gradle - - uses: ./../action/init - with: - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - - uses: ./../action/analyze - with: - upload-database: false - - name: Check database - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! 
-d java ]]; then - echo "Did not find a Java database" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + # Make sure that Gradle build succeeds in autobuild-dir ... + cp -a ../action/tests/java-repo autobuild-dir + # ... and fails if attempted in the current directory + echo > build.gradle + - uses: ./../action/init + with: + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + - uses: ./../action/analyze + with: + upload-database: false + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d java ]]; then + echo "Did not find a Java database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index c4e85c2b5c..5dc36f873d 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-local-codeql: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Local CodeQL bundle permissions: contents: read 
@@ -34,50 +36,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Fetch a CodeQL bundle - shell: bash - env: - CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} - run: | - wget "$CODEQL_URL" - - id: init - uses: ./../action/init - with: - tools: ./codeql-bundle-linux64.tar.gz - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Fetch a 
CodeQL bundle + shell: bash + env: + CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} + run: | + wget "$CODEQL_URL" + - id: init + uses: ./../action/init + with: + tools: ./codeql-bundle-linux64.tar.gz + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index b393677071..89f3aa2fdd 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-proxy: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Proxy test permissions: contents: read 
@@ -34,39 +36,39 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false env: https_proxy: http://squid-proxy:3128 CODEQL_ACTION_TEST_MODE: true 
@@ -77,4 +79,4 @@ jobs: squid-proxy: image: ubuntu/squid:latest ports: - - 3128:3128 + - 3128:3128 diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index f8dd0defe6..c138451b8a 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -11,34 +11,36 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: unset-environment: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: nightly-latest name: Test unsetting environment variables permissions: contents: read 
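Review bot: The matrix in the `on:`/`jobs:` hunk of `__unset-environment.yml` lists `version: stable-20221211`, but the "Set environment variable for Swift enablement" step in the next hunk of the same file compares against the bare date, `matrix.version == '20221211'`. As written, that step is skipped for every matrix entry shown here, and with the nightly schedule added the job will now run daily without `CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT` being set for the oldest bundle. If the step is still meant to fire for that bundle, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; if it is obsolete, removing the step would be clearer. The same condition is repeated in the steps hunks of the other workflows in this diff.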
@@ -46,87 +48,87 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: 
./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a # workaround for our PR checks. - run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" - ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - shell: bash - run: | - CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" - if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then - echo "::error::Did not create a database for CPP, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" - exit 1 - fi - CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" - if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then - echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" - exit 1 - fi - GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" - if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then - echo "::error::Did not create a database for Go, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" - exit 1 - fi - JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" - if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then - echo "::error::Did not create a database for Java, or created it in the wrong location." 
\ - "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" - exit 1 - fi - JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" - if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then - echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" - exit 1 - fi - PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" - if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then - echo "::error::Did not create a database for Python, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" - exit 1 - fi + run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" + ./build.sh + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - shell: bash + run: | + CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" + if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then + echo "::error::Did not create a database for CPP, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" + exit 1 + fi + CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" + if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then + echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" + exit 1 + fi + GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" + if [[ ! -d "$GO_DB" ]] || [[ ! 
"$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then + echo "::error::Did not create a database for Go, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" + exit 1 + fi + JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" + if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then + echo "::error::Did not create a database for Java, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" + exit 1 + fi + JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" + if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then + echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" + exit 1 + fi + PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" + if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then + echo "::error::Did not create a database for Python, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 37f0e6a16b..74a46713a1 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml 
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-ref-sha-input: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default name: "Upload-sarif: 'ref' and 'sha' from inputs" permissions: contents: read 
@@ -38,50 +40,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - upload: never - - uses: ./../action/upload-sarif - with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == 
'20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + upload: never + - uses: ./../action/upload-sarif + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 22f3960e2e..a41cce7a41 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: with-checkout-path: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest name: Use a custom `checkout_path` permissions: contents: read 
@@ -38,100 +40,100 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Delete original checkout - shell: bash - run: | - # delete the original checkout so we don't accidentally use it. - # Actions does not support deleting the current working directory, so we - # delete the contents of the directory instead. - rm -rf ./* .github .git + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Delete original checkout + shell: bash + run: | + # delete the original checkout so we don't accidentally use it. 
+ # Actions does not support deleting the current working directory, so we + # delete the contents of the directory instead. + rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v4 - with: - ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - path: x/y/z/some-path + - uses: actions/checkout@v4 + with: + ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + path: x/y/z/some-path - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} # it's enough to test one compiled language and one interpreted language - languages: csharp,javascript - source-root: x/y/z/some-path/tests/multi-language-repo + languages: csharp,javascript + source-root: x/y/z/some-path/tests/multi-language-repo - - name: Build code - shell: bash - working-directory: x/y/z/some-path/tests/multi-language-repo - run: | - ./build.sh + - name: Build code + shell: bash + working-directory: x/y/z/some-path/tests/multi-language-repo + run: | + ./build.sh - - uses: ./../action/analyze - with: - checkout_path: x/y/z/some-path/tests/multi-language-repo - ref: v1.1.0 - sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - upload: never - upload-database: false + - uses: ./../action/analyze + with: + checkout_path: x/y/z/some-path/tests/multi-language-repo + ref: v1.1.0 + sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + upload: never + upload-database: false - - uses: ./../action/upload-sarif - with: - ref: v1.1.0 - sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - checkout_path: x/y/z/some-path/tests/multi-language-repo + - uses: ./../action/upload-sarif + with: + ref: v1.1.0 + sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + checkout_path: x/y/z/some-path/tests/multi-language-repo - - name: Verify SARIF after upload - shell: bash - run: | - 
EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" - EXPECTED_REF="v1.1.0" - EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" + - name: Verify SARIF after upload + shell: bash + run: | + EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" + EXPECTED_REF="v1.1.0" + EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" - if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then - echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then + echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi - if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then - echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then + echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi - if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then - echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then + echo "::error Invalid checkout URI suffix. 
Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 37e174635f..eb59639243 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -15,6 +15,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index fe15737853..cbafc70f18 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -17,6 +17,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-artifacts: diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index a10ca211c3..cbe79731f7 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -16,6 +16,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-artifacts: diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index 59c36b7dad..10d080adaa 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -11,6 +11,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index b13e26577b..4bc9ea25aa 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -11,6 +11,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: 
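Review bot: The new `schedule` trigger in codescanning-config-cli.yml carries no comment saying why the workflow now runs nightly, and the same two uncommented lines are added to debug-artifacts-failure.yml, debug-artifacts.yml, expected-queries-runs.yml, query-filters.yml and test-codeql-bundle-all.yml. GitHub runs `schedule` events only from the workflow file on the default branch, so the `releases/v*` branches that the generated workflows in this commit list under `push` will not be exercised by the 05:00 UTC run; if nightly coverage of release branches was intended, it needs a different mechanism. I would add a comment above the trigger such as `# Nightly at 05:00 UTC; scheduled runs use the default branch only`. The `on:` block of each of these files starts outside the hunk, so their other triggers are not visible here.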
diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 0ea140261b..5c8e16068b 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -16,6 +16,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-codeql-bundle-all: diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 6961c5c07a..5dc176562a 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import ruamel.yaml -from ruamel.yaml.scalarstring import FoldedScalarString +from ruamel.yaml.scalarstring import FoldedScalarString, SingleQuotedScalarString import pathlib import textwrap @@ -46,6 +46,7 @@ def writeHeader(checkStream): yaml = ruamel.yaml.YAML() yaml.Representer = NonAliasingRTRepresenter +yaml.indent(mapping=2, sequence=4, offset=2) this_dir = pathlib.Path(__file__).resolve().parent @@ -157,6 +158,7 @@ def writeHeader(checkStream): 'pull_request': { 'types': ["opened", "synchronize", "reopened", "ready_for_review"] }, + 'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}], 'workflow_dispatch': {} }, 'jobs': {
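Review bot: `yaml.indent(mapping=2, sequence=4, offset=2)` is added without a comment, yet it is presumably what re-indents every list in the generated `__*.yml` workflows elsewhere in this commit. Bundling that formatting-only churn with the new `schedule` trigger makes the behavioural change to the CI configuration hard to pick out in review; regenerating the workflows in a separate formatting-only commit would keep the trigger change auditable. At minimum I would add `# Indent block sequences under their parent key; changing this rewrites every generated workflow` above the call.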
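Review bot: The cron expression is an inline literal inside the workflow template, `'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}]`, and the same string is repeated by hand in the non-generated workflows touched by this commit. A module-level name such as `NIGHTLY_CRON = SingleQuotedScalarString('0 5 * * *')`, with a comment noting that GitHub cron schedules are evaluated in UTC, would make it obvious where the schedule for the generated checks is set. As far as this hunk shows, the trigger is added unconditionally, so every generated check starts at the same minute; GitHub documents that scheduled runs can be delayed under load, so it is worth confirming that is acceptable. The enclosing dict literal starts and ends outside the hunk.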