robojerk/codeql-action

Merge pull request #1341 from github/update-v2.1.30-cd983e71

Browse source 
Merge main into releases/v2
This commit is contained in:
Henry Mercer 2022-11-02 12:09:34 +00:00 committed by GitHub
commit 18fe527fa8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 280 additions and 214 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: "Analyze: 'ref' and 'sha' from inputs"
timeout-minutes: 45

4
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -29,9 +29,7 @@ jobs:
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
name: autobuild-action
timeout-minutes: 45

16
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Go: Custom queries'
timeout-minutes: 45

6
.github/workflows/__go-custom-tracing-autobuild.yml generated vendored
View file

@ -25,15 +25,15 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809

16
.github/workflows/__go-custom-tracing.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Go: Custom tracing'
timeout-minutes: 45

6
.github/workflows/__go-reconciled-tracing-autobuilder.yml generated vendored
View file

@ -25,15 +25,15 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809

16
.github/workflows/__go-reconciled-tracing-custom-build-steps.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Go: Reconciled tracing with custom build steps'
timeout-minutes: 45

6
.github/workflows/__go-reconciled-tracing-legacy-workflow.yml generated vendored
View file

@ -25,15 +25,15 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809

4
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -29,9 +29,7 @@ jobs:
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Packaging: Download using registries'
timeout-minutes: 45

6
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -25,15 +25,15 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809

10
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -29,23 +29,19 @@ jobs:
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Packaging: Config and input passed to the CLI'
timeout-minutes: 45

10
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -29,23 +29,19 @@ jobs:
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Packaging: Config and input'
timeout-minutes: 45

10
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -29,23 +29,19 @@ jobs:
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Packaging: Config file'
timeout-minutes: 45

10
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -29,23 +29,19 @@ jobs:
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: 'Packaging: Action input'
timeout-minutes: 45

16
.github/workflows/__remote-config.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: Remote config file
timeout-minutes: 45

10
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -25,18 +25,8 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20210308
- os: ubuntu-latest
version: stable-20210319
- os: ubuntu-latest
version: stable-20210809
- os: ubuntu-latest
version: cached
- os: ubuntu-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
name: RuboCop multi-language
timeout-minutes: 45
runs-on: ${{ matrix.os }}

4
.github/workflows/__test-proxy.yml generated vendored
View file

@ -51,10 +51,10 @@ jobs:
https_proxy: http://squid-proxy:3128
INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
container:
image: ubuntu:18.04
image: ubuntu:22.04
options: --dns 127.0.0.1
services:
squid-proxy:
image: datadog/squid:latest
image: ubuntu/squid:latest
ports:
- 3128:3128

16
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: "Upload-sarif: 'ref' and 'sha' from inputs"
timeout-minutes: 45

16
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -25,19 +25,19 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: windows-2019
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: windows-2019
version: stable-20210319
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
@ -47,23 +47,19 @@ jobs:
version: cached
- os: macos-latest
version: cached
- os: windows-2019
- os: windows-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-2019
version: latest
- os: windows-2022
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-2019
version: nightly-latest
- os: windows-2022
- os: windows-latest
version: nightly-latest
name: Use a custom `checkout_path`
timeout-minutes: 45

1
.github/workflows/codescanning-config-cli.yml vendored
View file

@ -24,7 +24,6 @@ jobs:
continue-on-error: true
strategy:
fail-fast: true
matrix:
include:
- os: ubuntu-latest

39
.github/workflows/debug-artifacts.yml vendored
View file

@ -19,8 +19,31 @@ jobs:
upload-artifacts:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
version: [stable-20210308, stable-20210319, stable-20210809, cached, latest, nightly-latest]
include:
- os: ubuntu-20.04
version: stable-20210308
- os: macos-latest
version: stable-20210308
- os: ubuntu-20.04
version: stable-20210319
- os: macos-latest
version: stable-20210319
- os: ubuntu-20.04
version: stable-20210809
- os: macos-latest
version: stable-20210809
- os: ubuntu-latest
version: cached
- os: macos-latest
version: cached
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Upload debug artifacts
timeout-minutes: 45
runs-on: ${{ matrix.os }}
@ -58,11 +81,17 @@ jobs:
- name: Check expected artifacts exist
shell: bash
run: |
OPERATING_SYSTEMS="ubuntu-latest macos-latest"
VERSIONS="stable-20210308 stable-20210319 stable-20210809 cached latest nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for os in $OPERATING_SYSTEMS; do
for version in $VERSIONS; do
for version in $VERSIONS; do
if [[ "$version" =~ stable-(20210308|20210319|20210809) ]]; then
# Note the absence of the period in "ubuntu-2004": this is present in the image name
# but not the artifact name
OPERATING_SYSTEMS="ubuntu-2004 macos-latest"
else
OPERATING_SYSTEMS="ubuntu-latest macos-latest"
fi
for os in $OPERATING_SYSTEMS; do
pushd "./my-debug-artifacts-$os-$version"
echo "Artifacts from version $version on $os:"
for language in $LANGUAGES; do

3
.github/workflows/post-release-mergeback.yml vendored
View file

@ -121,7 +121,8 @@ jobs:
- [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.
- [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.
- [ ] Mark the PR as ready for review to trigger the full set of PR checks.
- [ ] Approve and merge the PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.
- [ ] Approve and merge the PR. When merging the PR, make sure "Create a merge commit" is
selected rather than "Squash and merge" or "Rebase and merge".
EOF
)

1
.github/workflows/pr-checks.yml vendored
View file

@ -16,7 +16,6 @@ jobs:
timeout-minutes: 45
strategy:
fail-fast: true
matrix:
node-types-version: [12.12, current]

8
.github/workflows/python-deps.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-22.04, macos-latest]
os: [ubuntu-20.04, ubuntu-22.04, macos-latest]
python_deps_type: [pipenv, poetry, requirements, setup_py]
python_version: [2, 3]
exclude:
@ -65,7 +65,7 @@ jobs:
cd $GITHUB_WORKSPACE/python-setup/tests/${PYTHON_DEPS_TYPE}/requests-${PYTHON_VERSION}
case ${{ matrix.os }} in
ubuntu-latest*) basePath="/opt";;
ubuntu-20.04*) basePath="/opt";;
ubuntu-22.04*) basePath="/opt";;
macos-latest*) basePath="/Users/runner";;
esac
@ -90,7 +90,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-22.04, macos-latest]
os: [ubuntu-20.04, ubuntu-22.04, macos-latest]
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
@ -112,7 +112,7 @@ jobs:
cd $GITHUB_WORKSPACE/python-setup/tests/requirements/non-standard-location
case ${{ matrix.os }} in
ubuntu-latest*) basePath="/opt";;
ubuntu-20.04*) basePath="/opt";;
ubuntu-22.04*) basePath="/opt";;
macos-latest*) basePath="/Users/runner";;
esac

2
.github/workflows/unset-environment-new-cli.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210809
- os: ubuntu-latest
version: cached

4
.github/workflows/unset-environment-old-cli.yml vendored
View file

@ -24,9 +24,9 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210308
- os: ubuntu-latest
- os: ubuntu-20.04
version: stable-20210319
name: Test unsetting environment variables
timeout-minutes: 45

4
CHANGELOG.md
View file

@ -1,5 +1,9 @@
# CodeQL Action Changelog
## 2.1.30 - 02 Nov 2022
- Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)
## 2.1.29 - 26 Oct 2022
- Update default CodeQL bundle version to 2.11.2. [#1320](https://github.com/github/codeql-action/pull/1320)

2
README.md
View file

@ -61,7 +61,7 @@ jobs:
# with:
# languages: go, javascript, csharp, python, cpp, java
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below).
- name: Autobuild
uses: github/codeql-action/autobuild@v2

7
lib/actions-util.js generated
View file

@ -502,6 +502,12 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
const actionRef = process.env["GITHUB_ACTION_REF"];
const testingEnvironment = process.env[sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT] || "";
// re-export the testing environment variable so that it is available to subsequent steps,
// even if it was only set for this step
if (testingEnvironment !== "") {
core.exportVariable(sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT, testingEnvironment);
}
const statusReport = {
workflow_run_id: workflowRunID,
workflow_name: workflowName,
@ -515,6 +521,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
started_at: workflowStartedAt,
action_started_at: actionStartedAt.toISOString(),
status,
testing_environment: testingEnvironment,
runner_os: runnerOs,
action_version: pkg.version,
};

2
lib/actions-util.js.map
View file

File diff suppressed because one or more lines are too long

47
lib/codeql.js generated
View file

@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = exports.CommandInvocationError = void 0;
exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = exports.CommandInvocationError = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@ -43,10 +43,11 @@ const trap_caching_1 = require("./trap-caching");
const util = __importStar(require("./util"));
const util_1 = require("./util");
class CommandInvocationError extends Error {
constructor(cmd, args, exitCode, error) {
constructor(cmd, args, exitCode, error, output) {
super(`Failure invoking ${cmd} with arguments ${args}.\n
Exit code ${exitCode} and error was:\n
${error}`);
this.output = output;
}
}
exports.CommandInvocationError = CommandInvocationError;
@ -93,6 +94,11 @@ exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
* versions above that.
*/
exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
/**
* Versions 2.7.3+ of the CodeQL CLI support build tracing with glibc 2.34 on Linux. Versions before
* this cannot perform build tracing when running on the Actions `ubuntu-22.04` runner image.
*/
exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = "2.7.3";
/**
* Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
* resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
@ -467,15 +473,32 @@ async function getCodeQLForCmd(cmd, checkVersion) {
// action/runner has been implemented in `codeql database trace-command`
// _and_ is present in the latest supported CLI release.)
const envFile = path.resolve(databasePath, "working", "env.tmp");
await runTool(cmd, [
"database",
"trace-command",
databasePath,
...getExtraOptionsFromEnv(["database", "trace-command"]),
process.execPath,
tracerEnvJs,
envFile,
]);
try {
await runTool(cmd, [
"database",
"trace-command",
databasePath,
...getExtraOptionsFromEnv(["database", "trace-command"]),
process.execPath,
tracerEnvJs,
envFile,
]);
}
catch (e) {
if (e instanceof CommandInvocationError &&
e.output.includes("undefined symbol: __libc_dlopen_mode, version GLIBC_PRIVATE") &&
process.platform === "linux" &&
!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_TRACING_GLIBC_2_34))) {
throw new util.UserError("The CodeQL CLI is incompatible with the version of glibc on your system. " +
`Please upgrade to CodeQL CLI version ${exports.CODEQL_VERSION_TRACING_GLIBC_2_34} or ` +
"later. If you cannot upgrade to a newer version of the CodeQL CLI, you can " +
`alternatively run your workflow on another runner image such as "ubuntu-20.04" ` +
"that has glibc 2.33 or earlier installed.");
}
else {
throw e;
}
}
return JSON.parse(fs.readFileSync(envFile, "utf-8"));
},
async databaseInit(databasePath, language, sourceRoot) {
@ -864,7 +887,7 @@ async function runTool(cmd, args = []) {
ignoreReturnCode: true,
}).exec();
if (exitCode !== 0)
throw new CommandInvocationError(cmd, args, exitCode, error);
throw new CommandInvocationError(cmd, args, exitCode, error, output);
return output;
}
/**

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

3
lib/shared-environment.js generated
View file

@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CODEQL_WORKFLOW_STARTED_AT = exports.ODASA_TRACER_CONFIGURATION = void 0;
exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_WORKFLOW_STARTED_AT = exports.ODASA_TRACER_CONFIGURATION = void 0;
exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
// The time at which the first action (normally init) started executing.
// If a workflow invokes a different action without first invoking the init
@ -8,4 +8,5 @@ exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
// then this variable will be assigned the start time of the action invoked
// rather that the init action.
exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
exports.CODEQL_ACTION_TESTING_ENVIRONMENT = "CODEQL_ACTION_TESTING_ENVIRONMENT";
//# sourceMappingURL=shared-environment.js.map

2
lib/shared-environment.js.map
View file

@ -1 +1 @@
{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AACvE,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}
{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AACvE,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC"}

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.1.29",
"version": "2.1.30",
"lockfileVersion": 2,
"requires": true,
"packages": {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "2.1.29",
"version": "2.1.30",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "2.1.29",
"version": "2.1.30",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^1.1.0",

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.1.29",
"version": "2.1.30",
"private": true,
"description": "CodeQL action",
"scripts": {

2
pr-checks/checks/extractor-ram-threads.yml
View file

@ -1,7 +1,7 @@
name: "Extractor ram and threads options test"
description: "Tests passing RAM and threads limits to extractors"
versions: ["latest"]
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
steps:
- uses: ./../action/init
with:

2
pr-checks/checks/go-custom-tracing-autobuild.yml
View file

@ -1,6 +1,6 @@
name: "Go: Autobuild custom tracing"
description: "Checks that Go tracing works in conjunction with the autobuilder"
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: "on"
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"

2
pr-checks/checks/go-reconciled-tracing-autobuilder.yml
View file

@ -1,6 +1,6 @@
name: "Go: Reconciled tracing with autobuilder"
description: "Checks that Go reconciled tracing works when using an autobuilder step"
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
env:
CODEQL_ACTION_RECONCILE_GO_EXTRACTION: "true"
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"

2
pr-checks/checks/go-reconciled-tracing-legacy-workflow.yml
View file

@ -1,6 +1,6 @@
name: "Go: Reconciled tracing with legacy workflow"
description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps"
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
env:
# Enable reconciled Go tracing beta functionality
CODEQL_ACTION_RECONCILE_GO_EXTRACTION: "true"

2
pr-checks/checks/javascript-source-root.yml
View file

@ -1,7 +1,7 @@
name: "Custom source root"
description: "Checks that the argument specifying a non-default source root works"
versions: ["latest", "cached", "nightly-latest"] # This feature is not compatible with old CLIs
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
steps:
- name: Move codeql-action
shell: bash

2
pr-checks/checks/ml-powered-queries.yml
View file

@ -7,8 +7,6 @@ versions: [
"latest",
"nightly-latest",
]
# Test on all three platforms since ML-powered queries use native code
os: ["ubuntu-latest", "macos-latest", "windows-latest"]
steps:
- uses: ./../action/init
with:

2
pr-checks/checks/multi-language-autodetect.yml
View file

@ -1,6 +1,6 @@
name: "Multi-language repository"
description: "An end-to-end integration test of a multi-language repository using automatic language detection"
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
steps:
- uses: ./../action/init
with:

4
pr-checks/checks/rubocop-multi-language.yml
View file

@ -1,6 +1,8 @@
name: "RuboCop multi-language"
description: "Tests using RuboCop to analyze a multi-language repository and then using the CodeQL Action to upload the resulting SARIF"
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
# This check doesn't use CodeQL, so the `version` matrix variable is unused.
versions: ["cached"]
steps:
- name: Set up Ruby
uses: ruby/setup-ruby@v1

2
pr-checks/checks/split-workflow.yml
View file

@ -1,6 +1,6 @@
name: "Split workflow"
description: "Tests a split-up workflow in which we first build a database and later analyze it"
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
versions: ["latest", "cached", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init

2
pr-checks/checks/test-autobuild-working-dir.yml
View file

@ -1,7 +1,7 @@
name: "Autobuild working directory"
description: "Tests working-directory input of autobuild action"
versions: ["latest"]
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
steps:
- name: Test setup
shell: bash

2
pr-checks/checks/test-local-codeql.yml
View file

@ -1,7 +1,7 @@
name: "Local CodeQL bundle"
description: "Tests using a CodeQL bundle from a local file rather than a URL"
versions: ["nightly-latest"]
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
steps:
- name: Fetch a CodeQL bundle
shell: bash

6
pr-checks/checks/test-proxy.yml
View file

@ -1,13 +1,13 @@
name: "Proxy test"
description: "Tests using a proxy specified by the https_proxy environment variable"
versions: ["latest"]
os: ["ubuntu-latest"]
operatingSystems: ["ubuntu"]
container:
image: ubuntu:18.04
image: ubuntu:22.04
options: --dns 127.0.0.1
services:
squid-proxy:
image: datadog/squid:latest
image: ubuntu/squid:latest
ports:
- 3128:3128
env:

2
pr-checks/checks/test-ruby.yml
View file

@ -1,7 +1,7 @@
name: "Ruby analysis"
description: "Tests creation of a Ruby database"
versions: ["latest", "cached", "nightly-latest"]
os: ["ubuntu-latest", "macos-latest"]
operatingSystems: ["ubuntu", "macos"]
env:
CODEQL_ENABLE_EXPERIMENTAL_FEATURES: "true"
steps:

4
pr-checks/checks/with-checkout-path.yml
View file

@ -1,9 +1,5 @@
name: "Use a custom `checkout_path`"
description: "Checks that a custom `checkout_path` will find the proper commit_oid"
# Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
# `windows-latest`.
# Must test on all three platforms since this test does path manipulation
os: [ubuntu-latest, macos-latest, windows-2019]
steps:
# Check out the actions repo again, but at a different location.
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main

47
pr-checks/sync.py
View file

@ -1,6 +1,7 @@
import ruamel.yaml
import os
# The default set of CodeQL Bundle versions to use for the PR checks.
defaultTestVersions = [
# The oldest supported CodeQL version: 2.4.5. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20210308",
@ -15,7 +16,24 @@ defaultTestVersions = [
# A nightly build directly from the our private repo, built in the last 24 hours.
"nightly-latest"
]
defaultOperatingSystems = ["ubuntu-latest", "macos-latest", "windows-2019"]
def isCompatibleWithLatestImages(version):
if version in ["cached", "latest", "nightly-latest"]:
return True
date = version.split("-")[1]
# The first version of the CodeQL CLI compatible with `ubuntu-22.04` and `windows-2022` is
# 2.7.3. This appears in CodeQL Bundle version codeql-bundle-20211208.
return date >= "20211208"
def operatingSystemsForVersion(version):
if isCompatibleWithLatestImages(version):
return ["ubuntu-latest", "macos-latest", "windows-latest"]
else:
return ["ubuntu-20.04", "macos-latest", "windows-2019"]
header = """# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# pip install ruamel.yaml && python3 sync.py
@ -23,6 +41,7 @@ header = """# Warning: This file is generated automatically, and should not be m
"""
class NonAliasingRTRepresenter(ruamel.yaml.representer.RoundTripRepresenter):
def ignore_aliases(self, data):
return True
@ -39,13 +58,6 @@ for file in os.listdir('checks'):
with open(f"checks/{file}", 'r') as checkStream:
checkSpecification = yaml.load(checkStream)
versions = defaultTestVersions
if 'versions' in checkSpecification:
versions = checkSpecification['versions']
operatingSystems = defaultOperatingSystems
if 'os' in checkSpecification:
operatingSystems = checkSpecification['os']
steps = [
{
'name': 'Check out repository',
@ -63,20 +75,17 @@ for file in os.listdir('checks'):
steps.extend(checkSpecification['steps'])
matrix = []
for version in versions:
for os in operatingSystems:
for version in checkSpecification.get('versions', defaultTestVersions):
runnerImages = operatingSystemsForVersion(version)
if checkSpecification.get('operatingSystems', None):
runnerImages = [image for image in runnerImages for operatingSystem in checkSpecification['operatingSystems']
if image.startswith(operatingSystem)]
for runnerImage in runnerImages:
matrix.append({
'os': os,
'os': runnerImage,
'version': version
})
if (version == 'latest' or version == 'nightly-latest') and os == 'windows-2019':
# New versions of the CLI should also work with Windows Server 2022.
# Once all versions of the CLI that we test against work with Windows Server 2022,
# we should remove this logic and instead just add windows-2022 to the test matrix.
matrix.append({
'os': 'windows-2022',
'version': version
})
checkJob = {
'strategy': {

17
src/actions-util.ts
View file

@ -600,6 +600,12 @@ export interface StatusReportBase {
completed_at?: string;
/** State this action is currently in. */
status: ActionStatus;
/**
* Testing environment: Set if non-production environment.
* The server accepts one of the following values:
* `["", "qa-rc", "qa-rc-1", "qa-rc-2", "qa-experiment-1", "qa-experiment-2", "qa-experiment-3"]`.
*/
testing_environment: string;
/**
* Information about the enablement of the ML-powered JS query pack.
*
@ -675,6 +681,16 @@ export async function createStatusReportBase(
const runnerOs = getRequiredEnvParam("RUNNER_OS");
const codeQlCliVersion = getCachedCodeQlVersion();
const actionRef = process.env["GITHUB_ACTION_REF"];
const testingEnvironment =
process.env[sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT] || "";
// re-export the testing environment variable so that it is available to subsequent steps,
// even if it was only set for this step
if (testingEnvironment !== "") {
core.exportVariable(
sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT,
testingEnvironment
);
}
const statusReport: StatusReportBase = {
workflow_run_id: workflowRunID,
@ -689,6 +705,7 @@ export async function createStatusReportBase(
started_at: workflowStartedAt,
action_started_at: actionStartedAt.toISOString(),
status,
testing_environment: testingEnvironment,
runner_os: runnerOs,
action_version: pkg.version,
};

58
src/codeql.ts
View file

@ -48,7 +48,13 @@ interface ExtraOptions {
}
export class CommandInvocationError extends Error {
constructor(cmd: string, args: string[], exitCode: number, error: string) {
constructor(
cmd: string,
args: string[],
exitCode: number,
error: string,
public output: string
) {
super(
`Failure invoking ${cmd} with arguments ${args}.\n
Exit code ${exitCode} and error was:\n
@ -263,6 +269,12 @@ export const CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
*/
export const CODEQL_VERSION_NEW_TRACING = "2.7.0";
/**
* Versions 2.7.3+ of the CodeQL CLI support build tracing with glibc 2.34 on Linux. Versions before
* this cannot perform build tracing when running on the Actions `ubuntu-22.04` runner image.
*/
export const CODEQL_VERSION_TRACING_GLIBC_2_34 = "2.7.3";
/**
* Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
* resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
@ -742,15 +754,39 @@ async function getCodeQLForCmd(
// _and_ is present in the latest supported CLI release.)
const envFile = path.resolve(databasePath, "working", "env.tmp");
await runTool(cmd, [
"database",
"trace-command",
databasePath,
...getExtraOptionsFromEnv(["database", "trace-command"]),
process.execPath,
tracerEnvJs,
envFile,
]);
try {
await runTool(cmd, [
"database",
"trace-command",
databasePath,
...getExtraOptionsFromEnv(["database", "trace-command"]),
process.execPath,
tracerEnvJs,
envFile,
]);
} catch (e) {
if (
e instanceof CommandInvocationError &&
e.output.includes(
"undefined symbol: __libc_dlopen_mode, version GLIBC_PRIVATE"
) &&
process.platform === "linux" &&
!(await util.codeQlVersionAbove(
this,
CODEQL_VERSION_TRACING_GLIBC_2_34
))
) {
throw new util.UserError(
"The CodeQL CLI is incompatible with the version of glibc on your system. " +
`Please upgrade to CodeQL CLI version ${CODEQL_VERSION_TRACING_GLIBC_2_34} or ` +
"later. If you cannot upgrade to a newer version of the CodeQL CLI, you can " +
`alternatively run your workflow on another runner image such as "ubuntu-20.04" ` +
"that has glibc 2.33 or earlier installed."
);
} else {
throw e;
}
}
return JSON.parse(fs.readFileSync(envFile, "utf-8"));
},
async databaseInit(
@ -1259,7 +1295,7 @@ async function runTool(cmd: string, args: string[] = []) {
ignoreReturnCode: true,
}).exec();
if (exitCode !== 0)
throw new CommandInvocationError(cmd, args, exitCode, error);
throw new CommandInvocationError(cmd, args, exitCode, error, output);
return output;
}

3
src/shared-environment.ts
View file

@ -5,3 +5,6 @@ export const ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
// then this variable will be assigned the start time of the action invoked
// rather that the init action.
export const CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
export const CODEQL_ACTION_TESTING_ENVIRONMENT =
"CODEQL_ACTION_TESTING_ENVIRONMENT";