Merge remote-tracking branch 'upstream/main' into aeisenberg/enable-kotlin-tests

Andrew Eisenberg 2024-06-14 13:20:03 -07:00
commit 3f41e06a52
No known key found for this signature in database
964 changed files with 33911 additions and 44091 deletions


@ -15,5 +15,3 @@ steps:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false


@ -12,6 +12,5 @@ steps:
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'


@ -1,6 +1,6 @@
name: "autobuild-action"
description: "Tests that the C# autobuild action works"
versions: ["latest"]
versions: ["linked"]
steps:
- uses: ./../action/init
with:
@ -16,8 +16,6 @@ steps:
CORECLR_PROFILER: ""
CORECLR_PROFILER_PATH_64: ""
- uses: ./../action/analyze
with:
upload-database: false
- name: Check database
shell: bash
run: |


@ -0,0 +1,34 @@
name: "Autobuild direct tracing (custom working directory)"
description: >
An end-to-end integration test of a Java repository built using 'build-mode: autobuild',
with direct tracing enabled and a custom working directory specified as the input to the
autobuild Action.
operatingSystems: ["ubuntu", "windows"]
versions: ["linked", "nightly-latest"]
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
steps:
- name: Test setup
shell: bash
run: |
# Make sure that Gradle build succeeds in autobuild-dir ...
cp -a ../action/tests/java-repo autobuild-dir
# ... and fails if attempted in the current directory
echo > build.gradle
- uses: ./../action/init
with:
build-mode: autobuild
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check that indirect tracing is disabled
shell: bash
run: |
if [[ ! -z "${CODEQL_RUNNER}" ]]; then
echo "Expected indirect tracing to be disabled, but the" \
"CODEQL_RUNNER environment variable is set."
exit 1
fi
- uses: ./../action/autobuild
with:
working-directory: autobuild-dir
- uses: ./../action/analyze


@ -0,0 +1,32 @@
name: "Autobuild direct tracing"
description: "An end-to-end integration test of a Java repository built using 'build-mode: autobuild', with direct tracing enabled"
operatingSystems: ["ubuntu", "windows"]
versions: ["linked", "nightly-latest"]
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
steps:
- name: Set up Java test repo configuration
shell: bash
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
- uses: ./../action/init
id: init
with:
build-mode: autobuild
db-location: "${{ runner.temp }}/customDbLocation"
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check that indirect tracing is disabled
shell: bash
run: |
if [[ ! -z "${CODEQL_RUNNER}" ]]; then
echo "Expected indirect tracing to be disabled, but the" \
"CODEQL_RUNNER environment variable is set."
exit 1
fi
- uses: ./../action/analyze
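Review bot: The `init` step sets `id: init` and a custom `db-location`, but no later step in this file reads a `steps.init` output or inspects `customDbLocation`, so the custom location adds setup without an assertion. Either drop both, or add a comment above `db-location` saying what the custom location is meant to exercise in this test. The "Check that indirect tracing is disabled" step is repeated verbatim in the custom-working-directory check above; in both, `if [[ -n "${CODEQL_RUNNER}" ]]; then` is the more direct spelling of the `! -z` test.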


@ -1,7 +1,7 @@
name: "Build mode none"
description: "An end-to-end integration test of a Java repository built using 'build-mode: none'"
operatingSystems: ["ubuntu"]
versions: ["latest", "nightly-latest"]
versions: ["linked", "nightly-latest"]
steps:
- uses: ./../action/init
id: init


@ -0,0 +1,25 @@
name: "Clean up database cluster directory"
description: "The database cluster directory is cleaned up if it is not empty."
operatingSystems: ["ubuntu"]
versions: ["linked"]
steps:
- name: Add a file to the database cluster directory
run: |
mkdir -p "${{ runner.temp }}/customDbLocation/javascript"
touch "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt"
- uses: ./../action/init
id: init
with:
build-mode: none
db-location: "${{ runner.temp }}/customDbLocation"
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate file cleaned up
run: |
if [[ -f "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt" ]]; then
echo "File was not cleaned up"
exit 1
fi
echo "File was cleaned up"
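Review bot: Both `run` scripts splice `${{ runner.temp }}` into the script text before bash parses it. The value comes from the runner, so it is unlikely to be a problem here, but expression interpolation inside `run:` is the pattern that turns into script injection when it is copied with a less trusted context. The shell already receives the same path as `$RUNNER_TEMP`, so the lines can read `mkdir -p "$RUNNER_TEMP/customDbLocation/javascript"` and `if [[ -f "$RUNNER_TEMP/customDbLocation/javascript/a-file-to-clean-up.txt" ]]; then`. The two `run` steps also use `[[ ... ]]` without declaring `shell: bash`, unlike the other checks on this page.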


@ -1,6 +1,6 @@
name: "Config export"
description: "Tests that the code scanning configuration file is exported to SARIF correctly."
versions: ["latest", "nightly-latest"]
versions: ["linked", "nightly-latest"]
steps:
- uses: ./../action/init
with:


@ -1,7 +1,7 @@
name: "Config input"
description: "Tests specifying configuration using the config input"
operatingSystems: ["ubuntu"]
versions: ["latest"]
versions: ["linked"]
steps:
- name: Copy queries into workspace
run: |


@ -1,7 +1,7 @@
name: "C/C++: disabling autoinstalling dependencies (Linux)"
description: "Checks that running C/C++ autobuild with autoinstalling dependencies explicitly disabled works"
operatingSystems: ["ubuntu"]
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with CLIs < 2.15.0
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with CLIs < 2.15.0
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
steps:


@ -1,7 +1,7 @@
name: "C/C++: autoinstalling dependencies (Linux)"
description: "Checks that running C/C++ autobuild with autoinstalling dependencies works"
operatingSystems: ["ubuntu"]
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with CLIs < 2.15.0
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with CLIs < 2.15.0
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
steps:


@ -1,8 +1,8 @@
name: "Diagnostic export"
description: "Tests that manually added diagnostics are correctly exported to SARIF."
# Test on 2.12.5 (which requires a workaround in the Action), the latest release, and the latest
# Test on 2.12.6 (which requires a workaround in the Action), the latest release, and the latest
# nightly.
versions: ["stable-20230317", "latest", "nightly-latest"]
versions: ["stable-20230403", "linked", "nightly-latest"]
env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
steps:
@ -17,7 +17,7 @@ steps:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
# produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \


@ -1,6 +1,6 @@
name: "Extractor ram and threads options test"
description: "Tests passing RAM and threads limits to extractors"
versions: ["latest"]
versions: ["linked"]
operatingSystems: ["ubuntu"]
steps:
- uses: ./../action/init


@ -3,6 +3,9 @@ description: "Checks that Go works in conjunction with a config file specifying
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
steps:
- uses: actions/setup-go@v5
with:
go-version: ">=1.21.0"
- uses: ./../action/init
with:
languages: go
@ -12,5 +15,3 @@ steps:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
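Review bot: The added `actions/setup-go@v5` step references a mutable major-version tag, so the code this job executes can change without any change in this repository. Pinning to a full commit SHA with the tag kept as a trailing comment, `- uses: actions/setup-go@<full-commit-sha> # v5`, makes the dependency reviewable and lets an update bot propose bumps. The same step is added in the `file`-not-installed, Multi-language repository, Scaling reserved RAM and unset-environment checks further down. `go-version: ">=1.21.0"` is also an open-ended range, so the resolved toolchain can differ between runs; a one-line comment stating why 1.21 is the floor (as the `file`-not-installed check has) would help here.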


@ -0,0 +1,50 @@
name: "Go: diagnostic when `file` is not installed"
description: "Checks that we emit a diagnostic if the `file` program is not installed"
# only Linux is affected
operatingSystems: ["ubuntu"]
# pinned to a version which does not support statically linked binaries for indirect tracing
versions: ["stable-v2.14.6"]
steps:
- uses: actions/setup-go@v5
with:
# We need a Go version that ships with statically linked binaries on Linux
go-version: ">=1.21.0"
- name: Remove `file` program
run: |
echo $(which file)
sudo rm -rf $(which file)
echo $(which file)
- uses: ./../action/init
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
- name: Check diagnostic appears in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: "${{ runner.temp }}/results/go.sarif"
with:
script: |
const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'go/workflow/file-program-unavailable' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
}
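Review bot: The "Remove `file` program" step never asserts that the removal worked: the last line only echoes `$(which file)`, so if another copy of `file` sits later on the PATH the test continues with the program still available. Replace the final echo with a check such as `if command -v file >/dev/null; then echo "file is still on PATH"; exit 1; fi`. The command substitutions are also unquoted and `-r` is not needed for a single binary; `sudo rm -f -- "$(command -v file)"` is narrower. The step has no `shell: bash`, unlike the other `run` steps in this file. In the script step, `run.invocations[0].toolExecutionNotifications` is dereferenced without a guard, so a SARIF file with no invocations would surface as a TypeError instead of the `core.setFailed` message.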


@ -17,8 +17,6 @@ steps:
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then


@ -16,8 +16,6 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then


@ -16,8 +16,6 @@ steps:
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
# Once we start running Bash 4.2 in all environments, we can replace the


@ -15,8 +15,6 @@ steps:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"


@ -7,7 +7,7 @@ description: "Checks that specifying a registries block and associated auth work
versions: [
# This feature is not compatible with older CLIs
"default",
"latest",
"linked",
"nightly-latest",
]


@ -1,6 +1,6 @@
name: "Custom source root"
description: "Checks that the argument specifying a non-default source root works"
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
operatingSystems: ["ubuntu"]
steps:
- name: Move codeql-action
@ -15,9 +15,7 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
skip-queries: true
upload: never
- name: Assert database exists
shell: bash
run: |


@ -1,6 +1,6 @@
name: "Language aliases"
description: "Tests that language aliases are resolved correctly"
versions: ["latest"]
versions: ["linked"]
operatingSystems: ["ubuntu"]
steps:
- uses: ./../action/init


@ -1,7 +1,12 @@
name: "Multi-language repository"
description: "An end-to-end integration test of a multi-language repository using automatic language detection"
operatingSystems: ["ubuntu", "macos"]
# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available.
operatingSystems: ["macos"]
steps:
- uses: actions/setup-go@v5
with:
go-version: ">=1.21.0"
- uses: ./../action/init
id: init
with:
@ -61,9 +66,7 @@ steps:
fi
- name: Check language autodetect for Swift
if: >-
env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
(runner.os != 'Windows' && matrix.version == 'nightly-latest')
if: runner.os != 'Windows' && matrix.version != 'stable-20230403'
shell: bash
run: |
SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
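Review bot: The new condition `matrix.version != 'stable-20230403'` hard-codes the oldest bundle tag, so the next bump of the minimum version in the generator's `defaultTestVersions` will leave this check excluding a version that is no longer tested and running Swift autodetect on the new oldest one. A comment above the `if:` would record the coupling, for example `# stable-20230403 is the oldest bundle in defaultTestVersions; update this when the minimum changes`. With `operatingSystems` reduced to `["macos"]` in the first hunk, the `runner.os != 'Windows'` half is currently always true. The step's `run` body continues outside the hunk.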


@ -1,6 +1,6 @@
name: "Packaging: Config and input passed to the CLI"
description: "Checks that specifying packages using a combination of a config file and input to the Action works"
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: "Packaging: Config and input"
description: "Checks that specifying packages using a combination of a config file and input to the Action works"
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: "Packaging: Config file"
description: "Checks that specifying packages using only a config file works"
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: "Packaging: Action input"
description: "Checks that specifying packages using the input to the Action works"
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: "Resolve environment"
description: "Tests that the resolve-environment action works for Go and JavaScript/TypeScript"
versions: ["stable-v2.13.4", "default", "latest", "nightly-latest"]
versions: ["stable-v2.13.4", "default", "linked", "nightly-latest"]
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: "Ruby analysis"
description: "Tests creation of a Ruby database"
versions: ["latest", "default", "nightly-latest"]
versions: ["linked", "default", "nightly-latest"]
operatingSystems: ["ubuntu", "macos"]
steps:
- uses: ./../action/init


@ -1,9 +1,14 @@
name: "Scaling reserved RAM"
description: "An end-to-end integration test of a multi-language repository with the scaling_reserved_ram feature flag enabled"
operatingSystems: ["ubuntu", "macos"]
# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available.
operatingSystems: ["macos"]
env:
CODEQL_ACTION_SCALING_RESERVED_RAM: true
steps:
- uses: actions/setup-go@v5
with:
go-version: ">=1.21.0"
- uses: ./../action/init
id: init
with:
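Review bot: The added TODO names the `latest` version, but the other hunks on this page rename that entry to `linked` in every `versions` list and in `defaultTestVersions`, so the comment appears to point at a name that no longer exists. Suggested wording: `# TODO: Add ubuntu back for nightly-latest and linked once CLI v2.17.4 is available.` The same TODO is added in the Multi-language repository and Swift custom-build checks. The unset-environment check carries it twice with different wording, once above `versions` and once trailing `operatingSystems`; one of the two should go.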


@ -1,7 +1,7 @@
name: "Split workflow"
description: "Tests a split-up workflow in which we first build a database and later analyze it"
operatingSystems: ["ubuntu", "macos"]
versions: ["latest", "default", "nightly-latest"] # This feature is not compatible with old CLIs
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
steps:
- uses: ./../action/init
with:


@ -1,6 +1,6 @@
name: Submit SARIF after failure
description: Check that a SARIF file is submitted for the workflow run if it fails
versions: ["latest", "default", "nightly-latest"]
versions: ["linked", "default", "nightly-latest"]
operatingSystems: ["ubuntu"]
env:


@ -1,7 +1,8 @@
name: "Swift analysis using a custom build command"
description: "Tests creation of a Swift database using custom build"
versions: ["latest", "default", "nightly-latest"]
operatingSystems: ["ubuntu", "macos"]
versions: ["linked", "default", "nightly-latest"]
# TODO: Add ubuntu back for `nightly-latest` and `latest` once CLI v2.17.4 is available.
operatingSystems: ["macos"]
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
steps:


@ -1,6 +1,6 @@
name: "Autobuild working directory"
description: "Tests working-directory input of autobuild action"
versions: ["latest"]
versions: ["linked"]
operatingSystems: ["ubuntu"]
steps:
- name: Test setup
@ -18,8 +18,6 @@ steps:
with:
working-directory: autobuild-dir
- uses: ./../action/analyze
with:
upload-database: false
- name: Check database
shell: bash
run: |


@ -20,5 +20,3 @@ steps:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false


@ -1,6 +1,6 @@
name: "Proxy test"
description: "Tests using a proxy specified by the https_proxy environment variable"
versions: ["latest"]
versions: ["linked"]
operatingSystems: ["ubuntu"]
container:
image: ubuntu:22.04
@ -18,5 +18,3 @@ steps:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false


@ -1,6 +1,8 @@
name: "Test unsetting environment variables"
description: "An end-to-end integration test that unsets some environment variables"
operatingSystems: ["ubuntu"]
# TODO: Switch back to all versions once CLI v2.17.4 is available and running on ubuntu again.
versions: ["stable-v2.14.6", "stable-v2.15.5", "stable-v2.16.6", "linked", "default", "nightly-latest"]
operatingSystems: ["macos"] # TODO: Switch back to ubuntu for `nightly-latest` and `latest` once CLI v2.17.4 is available.
steps:
- uses: ./../action/init
id: init
@ -10,6 +12,9 @@ steps:
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{ steps.init.outputs.codeql-path }}
- uses: actions/setup-go@v5
with:
go-version: '>=1.21.0'
- name: Build code
shell: bash
run: env -i PATH="$PATH" HOME="$HOME" ./build.sh


@ -10,9 +10,9 @@ steps:
- name: Build code
shell: bash
run: ./build.sh
# Generate some SARIF we can upload with the upload-sarif step
- uses: ./../action/analyze
with:
upload-database: false
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
upload: never


@ -1,6 +1,6 @@
name: "Use a custom `checkout_path`"
description: "Checks that a custom `checkout_path` will find the proper commit_oid"
versions: ["latest"]
versions: ["linked"]
steps:
# This ensures we don't accidentally use the original checkout for any part of the test.
- name: Delete original checkout
@ -35,14 +35,6 @@ steps:
checkout_path: x/y/z/some-path/tests/multi-language-repo
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
upload: never
upload-database: false
- uses: ./../action/upload-sarif
with:
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
checkout_path: x/y/z/some-path/tests/multi-language-repo
- name: Verify SARIF after upload
shell: bash


@ -1,26 +1,28 @@
#!/usr/bin/env python
import ruamel.yaml
from ruamel.yaml.scalarstring import FoldedScalarString
from ruamel.yaml.scalarstring import FoldedScalarString, SingleQuotedScalarString
import pathlib
import textwrap
# The default set of CodeQL Bundle versions to use for the PR checks.
defaultTestVersions = [
# The oldest supported CodeQL version: 2.11.6. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20221211",
# The last CodeQL release in the 2.12 series: 2.12.7.
"stable-20230418",
# The oldest supported CodeQL version: 2.12.6. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20230403",
# The last CodeQL release in the 2.13 series: 2.13.5.
"stable-v2.13.5",
# The last CodeQL release in the 2.14 series: 2.14.6.
"stable-v2.14.6",
# The last CodeQL release in the 2.15 series: 2.15.5.
"stable-v2.15.5",
# The last CodeQL release in the 2.16 series: 2.16.6.
"stable-v2.16.6",
# The default version of CodeQL for Dotcom, as determined by feature flags.
"default",
# The version of CodeQL shipped with the Action in `defaults.json`. During the release process
# for a new CodeQL release, there will be a period of time during which this will be newer than
# the default version on Dotcom.
"latest",
"linked",
# A nightly build directly from the our private repo, built in the last 24 hours.
"nightly-latest"
]
@ -46,6 +48,7 @@ def writeHeader(checkStream):
yaml = ruamel.yaml.YAML()
yaml.Representer = NonAliasingRTRepresenter
yaml.indent(mapping=2, sequence=4, offset=2)
this_dir = pathlib.Path(__file__).resolve().parent
@ -62,10 +65,18 @@ for file in (this_dir / 'checks').glob('*.yml'):
if image.startswith(operatingSystem)]
for runnerImage in runnerImages:
matrix.append({
'os': runnerImage,
'version': version
})
# Prior to CLI v2.15.1, ARM runners were not supported by the build tracer.
# "macos-latest" is now an ARM runner, so we run tests on the old CLIs on Intel runners instead.
if version in ["stable-20230403", "stable-v2.13.4", "stable-v2.13.5", "stable-v2.14.6"] and runnerImage == "macos-latest":
matrix.append({
'os': "macos-12",
'version': version
})
else:
matrix.append({
'os': runnerImage,
'version': version
})
useAllPlatformBundle = "false" # Default to false
if checkSpecification.get('useAllPlatformBundle'):
@ -78,9 +89,8 @@ for file in (this_dir / 'checks').glob('*.yml'):
# Ensure that this is serialized as a folded (`>`) string to preserve the readability
# of the generated workflow.
'if': FoldedScalarString(textwrap.dedent('''
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
''').strip()),
@ -104,19 +114,13 @@ for file in (this_dir / 'checks').glob('*.yml'):
'setup-kotlin': not 'container' in checkSpecification,
}
},
# We don't support Swift on Windows or prior versions of the CLI.
{
'name': 'Set environment variable for Swift enablement',
'if': "runner.os != 'Windows' && matrix.version == '20221211'",
'shell': 'bash',
'run': 'echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV'
},
]
steps.extend(checkSpecification['steps'])
checkJob = {
'strategy': {
'fail-fast': False,
'matrix': {
'include': matrix
}
@ -157,6 +161,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
'pull_request': {
'types': ["opened", "synchronize", "reopened", "ready_for_review"]
},
'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}],
'workflow_dispatch': {}
},
'jobs': {
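Review bot: The set of old bundles is now written out twice with different contents. The new matrix branch tests `["stable-20230403", "stable-v2.13.4", "stable-v2.13.5", "stable-v2.14.6"]`, while the folded `if` expression in the later hunk lists only `stable-20230403`, `stable-v2.13.5` and `stable-v2.14.6`. If both are meant to describe the same group of pre-ARM CLIs, define the list once at module level, e.g. `preArmCliVersions = [...]`, and build the `if` string from it. If the difference is intentional, a comment on the `if` should say why `stable-v2.13.4` is left out. The literal `"macos-12"` would read better as a named constant next to that list. Both enclosing loops start outside the hunks shown.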