Merge remote-tracking branch 'origin/main' into henrymercer/start-go-tracing-in-init

2022-09-02 17:39:17 +01:00 · 2022-09-02 17:39:17 +01:00 · 62b4f237aa
commit 62b4f237aa
parent 6699d47420 21530f507f
11 changed files with 37 additions and 26 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,13 @@

 ## [UNRELEASED]

+No user facing changes.
+
+## 2.1.22 - 01 Sep 2022
+
 - Downloading CodeQL packs has been moved to the `init` step. Previously, CodeQL packs were downloaded during the `analyze` step. [#1218](https://github.com/github/codeql-action/pull/1218)
+- Update default CodeQL bundle version to 2.10.4. [#1224](https://github.com/github/codeql-action/pull/1224)
+- The newly released [Poetry 1.2](https://python-poetry.org/blog/announcing-poetry-1.2.0) is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.

 ## 2.1.21 - 25 Aug 2022

--- a/lib/codeql.js
+++ b/lib/codeql.js
@ -82,6 +82,7 @@ const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
 exports.CODEQL_VERSION_CONFIG_FILES = "2.10.1";
+const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";
 /**
 * This variable controls using the new style of tracing from the CodeQL
 * CLI. In particular, with versions above this we will use both indirect
@ -503,12 +504,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                }
                if (await util.codeQlVersionAbove(this, CODEQL_VERSION_LUA_TRACER_CONFIG)) {
                    if ((await featureFlags.getValue(feature_flags_1.FeatureFlag.LuaTracerConfigEnabled)) &&
-                        // There's a bug in Lua tracing for Go on Windows in versions 2.10.3 and earlier,
-                        // so don't use Lua tracing when tracing Go on Windows.
-                        // Once we've released a fix, we should add a version gate based on the fixed version.
-                        !(config.languages.includes(languages_1.Language.go) &&
-                            (0, languages_1.isTracedLanguage)(languages_1.Language.go, isGoExtractionReconciliationEnabled, logger) &&
-                            process.platform === "win32")) {
+                        // There's a bug in Lua tracing for Go on Windows in versions earlier than
+                        // `CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED`, so don't use Lua tracing
+                        // when tracing Go on Windows on these CodeQL versions.
+                        (!config.languages.includes(languages_1.Language.go) ||
+                            !(0, languages_1.isTracedLanguage)(languages_1.Language.go, isGoExtractionReconciliationEnabled, logger) ||
+                            process.platform !== "win32" ||
+                            (await util.codeQlVersionAbove(this, CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED)))) {
                        extraArgs.push("--internal-use-lua-tracing");
                    }
                    else {
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/defaults.json
+++ b/lib/defaults.json
@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220811"
+    "bundleVersion": "codeql-bundle-20220825"
 }
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.1.22",
+  "version": "2.1.23",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "2.1.22",
+  "version": "2.1.23",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "2.1.22",
+      "version": "2.1.23",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^1.0.0",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.1.22",
+  "version": "2.1.23",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
--- a/python-setup/install_tools.ps1
+++ b/python-setup/install_tools.ps1
@ -8,6 +8,6 @@ py -3 -m pip install --user --upgrade pip setuptools wheel
 py -2 -m pip install --user 'virtualenv<20.11'
 py -3 -m pip install --user 'virtualenv<20.11'

-# poetry 1.0.10 has error (https://github.com/python-poetry/poetry/issues/2711)
-py -3 -m pip install --user poetry!=1.0.10
+# We aren't compatible with poetry 1.2
+py -3 -m pip install --user "poetry>=1.1,<1.2"
 py -3 -m pip install --user pipenv
--- a/python-setup/install_tools.sh
+++ b/python-setup/install_tools.sh
@ -24,8 +24,8 @@ python3 -m pip install --user 'virtualenv<20.11'
 #       "program uses threads.", RuntimeWarning)
 #     LGTM_PYTHON_SETUP_VERSION=The currently activated Python version 2.7.18 is not supported by the project (^3.5). Trying to find and use a compatible version. Using python3 (3.8.2) 3

-# poetry 1.0.10 has error (https://github.com/python-poetry/poetry/issues/2711)
-python3 -m pip install --user poetry!=1.0.10
+# We aren't compatible with poetry 1.2
+python3 -m pip install --user "poetry>=1.1,<1.2"
 python3 -m pip install --user pipenv

 if command -v python2 >/dev/null 2>&1; then
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -251,6 +251,7 @@ const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 export const CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
 export const CODEQL_VERSION_CONFIG_FILES = "2.10.1";
+const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";

 /**
 * This variable controls using the new style of tracing from the CodeQL
@ -799,18 +800,20 @@ async function getCodeQLForCmd(
        ) {
          if (
            (await featureFlags.getValue(FeatureFlag.LuaTracerConfigEnabled)) &&
-            // There's a bug in Lua tracing for Go on Windows in versions 2.10.3 and earlier,
-            // so don't use Lua tracing when tracing Go on Windows.
-            // Once we've released a fix, we should add a version gate based on the fixed version.
-            !(
-              config.languages.includes(Language.go) &&
-              isTracedLanguage(
+            // There's a bug in Lua tracing for Go on Windows in versions earlier than
+            // `CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED`, so don't use Lua tracing
+            // when tracing Go on Windows on these CodeQL versions.
+            (!config.languages.includes(Language.go) ||
+              !isTracedLanguage(
                Language.go,
                isGoExtractionReconciliationEnabled,
                logger
-              ) &&
-              process.platform === "win32"
-            )
+              ) ||
+              process.platform !== "win32" ||
+              (await util.codeQlVersionAbove(
+                this,
+                CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED
+              )))
          ) {
            extraArgs.push("--internal-use-lua-tracing");
          } else {
--- a/src/defaults.json
+++ b/src/defaults.json
@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20220811"
+  "bundleVersion": "codeql-bundle-20220825"
 }