robojerk/codeql-action

Merge pull request #2580 from jsoref/minor-cleanup

Browse source 
Minor cleanup
This commit is contained in:
Andrew Eisenberg 2024-11-06 14:53:47 -08:00 committed by GitHub
commit 5ac2ddd6fc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
67 changed files with 99 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/__all-platform-bundle.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml generated vendored
View file

@ -42,7 +42,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__autobuild-direct-tracing.yml generated vendored
View file

@ -42,7 +42,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__build-mode-autobuild.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__build-mode-manual.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__build-mode-none.yml generated vendored
View file

@ -38,7 +38,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__build-mode-rollback.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__cleanup-db-cluster-dir.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__config-export.yml generated vendored
View file

@ -46,7 +46,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__config-input.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__cpp-deptrace-disabled.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__cpp-deptrace-enabled-on-macos.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__cpp-deptrace-enabled.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -46,7 +46,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__export-file-baseline-information.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -38,7 +38,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-indirect-tracing-workaround.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -66,7 +66,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -66,7 +66,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -66,7 +66,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -53,7 +53,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__job-run-uuid-sarif.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__language-aliases.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

4
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -66,7 +66,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -146,7 +146,7 @@ jobs:
exit 1
fi
- name: Check language autodetect for Swift on MacOS
- name: Check language autodetect for Swift on macOS
if: runner.os == 'macOS'
shell: bash
run: |

4
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -52,7 +52,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -84,7 +84,7 @@ jobs:
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar

4
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -52,7 +52,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -84,7 +84,7 @@ jobs:
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar

4
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -52,7 +52,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -83,7 +83,7 @@ jobs:
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar

4
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -52,7 +52,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -83,7 +83,7 @@ jobs:
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar

2
.github/workflows/__remote-config.yml generated vendored
View file

@ -38,7 +38,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

4
.github/workflows/__resolve-environment-action.yml generated vendored
View file

@ -52,7 +52,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -88,7 +88,7 @@ jobs:
language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present
if:
if:
fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1
env:

2
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__ruby.yml generated vendored
View file

@ -46,7 +46,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__split-workflow.yml generated vendored
View file

@ -46,7 +46,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__submit-sarif-failure.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__swift-autobuild.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__swift-custom-build.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__test-proxy.yml generated vendored
View file

@ -36,7 +36,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__unset-environment.yml generated vendored
View file

@ -38,7 +38,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

2
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:

6
.github/workflows/__zstd-bundle-streaming.yml generated vendored
View file

@ -38,7 +38,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -59,7 +59,9 @@ jobs:
const fs = require('fs');
const path = require('path');
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
fs.rmdirSync(codeqlPath, { recursive: true });
if (codeqlPath !== undefined) {
fs.rmdirSync(codeqlPath, { recursive: true });
}
- id: init
uses: ./../action/init
with:

6
.github/workflows/__zstd-bundle.yml generated vendored
View file

@ -40,7 +40,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
- name: Setup Python on macOS
uses: actions/setup-python@v5
if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
with:
@ -61,7 +61,9 @@ jobs:
const fs = require('fs');
const path = require('path');
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
fs.rmdirSync(codeqlPath, { recursive: true });
if (codeqlPath !== undefined) {
fs.rmdirSync(codeqlPath, { recursive: true });
}
- id: init
uses: ./../action/init
with:

2
.github/workflows/debug-artifacts-failure.yml vendored
View file

@ -50,7 +50,7 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
id: analysis
env:
env:
# Forces a failure in this step.
CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
with:

2
.github/workflows/debug-artifacts-legacy.yml vendored
View file

@ -56,7 +56,7 @@ jobs:
debug-artifact-name: my-debug-artifacts
debug-database-name: my-db
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
languages: cpp,csharp,go,java,javascript,python,ruby
languages: cpp,csharp,go,java,javascript,python,ruby
- name: Build code
shell: bash
run: ./build.sh

2
.github/workflows/debug-artifacts.yml vendored
View file

@ -55,7 +55,7 @@ jobs:
debug-artifact-name: my-debug-artifacts
debug-database-name: my-db
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
languages: cpp,csharp,go,java,javascript,python,ruby
languages: cpp,csharp,go,java,javascript,python,ruby
- name: Build code
shell: bash
run: ./build.sh

3
.github/workflows/expected-queries-runs.yml vendored
View file

@ -22,6 +22,9 @@ jobs:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Check out repository
uses: actions/checkout@v4

2
.github/workflows/publish-immutable-action.yml vendored
View file

@ -32,4 +32,4 @@ jobs:
- name: Publish
if: steps.check.outputs.is-action-release == 'true'
id: publish
uses: actions/publish-immutable-action@0.0.3
uses: actions/publish-immutable-action@v0.0.4

2
.github/workflows/script/check-js.sh vendored
View file

@ -7,7 +7,7 @@ if [ ! -z "$(git status --porcelain)" ]; then
>&2 echo "Failed: Repo should be clean before testing!"
exit 1
fi
# Wipe the lib directory incase there are extra unnecessary files in there
# Wipe the lib directory in case there are extra unnecessary files in there
rm -rf lib
# Generate the JavaScript files
npm run-script build

6
CHANGELOG.md
View file

@ -57,12 +57,12 @@ No user facing changes.
## 3.26.5 - 23 Aug 2024
- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)
- Fix an issue where the `csrutil` system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)
## 3.26.4 - 21 Aug 2024
- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
- Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
## 3.26.3 - 19 Aug 2024
@ -140,7 +140,7 @@ No user facing changes.
## 3.25.3 - 25 Apr 2024
- Update default CodeQL bundle version to 2.17.1. [#2247](https://github.com/github/codeql-action/pull/2247)
- Workflows running on `macos-latest` using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as `macos-12`. ARM machines with SIP disabled, including the newest `macos-latest` image, are unsupported for CLI versions before 2.15.1. [#2261](https://github.com/github/codeql-action/pull/2261)
- Workflows running on `macos-latest` using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel macOS runner, such as `macos-12`. ARM machines with SIP disabled, including the newest `macos-latest` image, are unsupported for CLI versions before 2.15.1. [#2261](https://github.com/github/codeql-action/pull/2261)
## 3.25.2 - 22 Apr 2024

2
lib/environment.js generated
View file

@ -44,7 +44,7 @@ var EnvVar;
/** Whether the init action has been run. */
EnvVar["INIT_ACTION_HAS_RUN"] = "CODEQL_ACTION_INIT_HAS_RUN";
/**
* For MacOS. Result of `csrutil status` to determine whether System Integrity
* For macOS. Result of `csrutil status` to determine whether System Integrity
* Protection is enabled.
*/
EnvVar["IS_SIP_ENABLED"] = "CODEQL_ACTION_IS_SIP_ENABLED";

4
lib/init-action.js generated
View file

@ -330,13 +330,13 @@ async function run() {
if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
}
// For CLI versions <2.15.1, build tracing caused errors in MacOS ARM machines with
// For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
// System Integrity Protection (SIP) disabled.
if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
process.platform === "darwin" &&
(process.arch === "arm" || process.arch === "arm64") &&
!(await (0, util_1.checkSipEnablement)(logger))) {
logger.warning("CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.");
logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
}
// From 2.16.0 the default for the python extractor is to not perform any
// dependency extraction. For versions before that, you needed to set this flag to

2
lib/tracer-config.js generated
View file

@ -92,7 +92,7 @@ async function getCombinedTracerConfig(codeql, config) {
// If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
// the runner executable path, we set it here in the Action.
if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
// On MacOS when System Integrity Protection is enabled, it's necessary to prefix
// On macOS when System Integrity Protection is enabled, it's necessary to prefix
// the build command with the runner executable for indirect tracing, so we expose
// it here via the CODEQL_RUNNER environment variable.
// The executable also exists and works for other platforms so we unconditionally

4
pr-checks/checks/multi-language-autodetect.yml
View file

@ -1,5 +1,5 @@
name: "Multi-language repository"
description: "An end-to-end integration test of a multi-language repository using automatic language detection for MacOS"
description: "An end-to-end integration test of a multi-language repository using automatic language detection for macOS"
operatingSystems: ["macos", "ubuntu"]
steps:
- uses: actions/setup-go@v5
@ -67,7 +67,7 @@ steps:
exit 1
fi
- name: Check language autodetect for Swift on MacOS
- name: Check language autodetect for Swift on macOS
if: runner.os == 'macOS'
shell: bash
run: |

4
pr-checks/checks/zstd-bundle-streaming.yml
View file

@ -16,7 +16,9 @@ steps:
const fs = require('fs');
const path = require('path');
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
fs.rmdirSync(codeqlPath, { recursive: true });
if (codeqlPath !== undefined) {
fs.rmdirSync(codeqlPath, { recursive: true });
}
- id: init
uses: ./../action/init
with:

4
pr-checks/checks/zstd-bundle.yml
View file

@ -16,7 +16,9 @@ steps:
const fs = require('fs');
const path = require('path');
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
fs.rmdirSync(codeqlPath, { recursive: true });
if (codeqlPath !== undefined) {
fs.rmdirSync(codeqlPath, { recursive: true });
}
- id: init
uses: ./../action/init
with:

12
pr-checks/sync.py
View file

@ -4,6 +4,7 @@ import ruamel.yaml
from ruamel.yaml.scalarstring import FoldedScalarString, SingleQuotedScalarString
import pathlib
import textwrap
import os
# The default set of CodeQL Bundle versions to use for the PR checks.
defaultTestVersions = [
@ -98,7 +99,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
steps = [
{
'name': 'Setup Python on MacOS',
'name': 'Setup Python on macOS',
'uses': 'actions/setup-python@v5',
'if': "runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'",
'with': {
@ -153,7 +154,8 @@ for file in (this_dir / 'checks').glob('*.yml'):
checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
checkName = file.stem
with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w') as output_stream:
raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw"
with open(raw_file, 'w') as output_stream:
writeHeader(output_stream)
yaml.dump({
'name': f"PR Check - {checkSpecification['name']}",
@ -175,3 +177,9 @@ for file in (this_dir / 'checks').glob('*.yml'):
checkName: checkJob
}
}, output_stream)
with open(raw_file, 'r') as input_stream:
with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w') as output_stream:
content = input_stream.read()
output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+['']))
os.remove(raw_file)

2
src/environment.ts
View file

@ -51,7 +51,7 @@ export enum EnvVar {
INIT_ACTION_HAS_RUN = "CODEQL_ACTION_INIT_HAS_RUN",
/**
* For MacOS. Result of `csrutil status` to determine whether System Integrity
* For macOS. Result of `csrutil status` to determine whether System Integrity
* Protection is enabled.
*/
IS_SIP_ENABLED = "CODEQL_ACTION_IS_SIP_ENABLED",

4
src/init-action.ts
View file

@ -566,7 +566,7 @@ async function run() {
await downloadDependencyCaches(config.languages, logger);
}
// For CLI versions <2.15.1, build tracing caused errors in MacOS ARM machines with
// For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
// System Integrity Protection (SIP) disabled.
if (
!(await codeQlVersionAtLeast(codeql, "2.15.1")) &&
@ -575,7 +575,7 @@ async function run() {
!(await checkSipEnablement(logger))
) {
logger.warning(
"CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.",
"CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.",
);
}

2
src/tracer-config.ts
View file

@ -111,7 +111,7 @@ export async function getCombinedTracerConfig(
// If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
// the runner executable path, we set it here in the Action.
if (!(await codeql.supportsFeature(ToolsFeature.SetsCodeqlRunnerEnvVar))) {
// On MacOS when System Integrity Protection is enabled, it's necessary to prefix
// On macOS when System Integrity Protection is enabled, it's necessary to prefix
// the build command with the runner executable for indirect tracing, so we expose
// it here via the CODEQL_RUNNER environment variable.
// The executable also exists and works for other platforms so we unconditionally