robojerk/codeql-action

Merge pull request #2009 from github/henrymercer/drop-codeql-v2.11.5

Browse source 
Remove support for CodeQL v2.11.5 and earlier
This commit is contained in:
Henry Mercer 2024-01-04 13:27:31 +00:00 committed by GitHub
commit 7963a60016
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
65 changed files with 67 additions and 769 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.github/workflows/__all-platform-bundle.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'true'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- id: init

8
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__config-export.yml generated vendored
View file

@ -49,8 +49,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -69,11 +67,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__cpp-deptrace-disabled.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup

8
.github/workflows/__cpp-deptrace-enabled-on-macos.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup

8
.github/workflows/__cpp-deptrace-enabled.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup

8
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -55,8 +55,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -75,11 +73,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__export-file-baseline-information.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

14
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -25,12 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: windows-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -85,8 +79,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -105,11 +97,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5

8
.github/workflows/__go-indirect-tracing-workaround.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5

12
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -25,10 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -69,8 +65,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -89,11 +83,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5

12
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -25,10 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -69,8 +65,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -89,11 +83,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5

12
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -25,10 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -69,8 +65,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -89,11 +83,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5

8
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -56,8 +56,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -76,11 +74,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Init with registries

8
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Move codeql-action

8
.github/workflows/__language-aliases.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

12
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -25,10 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -69,8 +65,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -89,11 +83,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -55,8 +55,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -75,11 +73,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -55,8 +55,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -75,11 +73,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -55,8 +55,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -75,11 +73,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -55,8 +55,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -75,11 +73,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

14
.github/workflows/__remote-config.yml generated vendored
View file

@ -25,12 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: windows-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -85,8 +79,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -105,11 +97,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__resolve-environment-action.yml generated vendored
View file

@ -61,8 +61,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -81,11 +79,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Ruby

8
.github/workflows/__ruby.yml generated vendored
View file

@ -49,8 +49,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -69,11 +67,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

12
.github/workflows/__scaling-reserved-ram.yml generated vendored
View file

@ -25,10 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -69,8 +65,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -89,11 +83,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__split-workflow.yml generated vendored
View file

@ -49,8 +49,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -69,11 +67,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__submit-sarif-failure.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/checkout@v4

8
.github/workflows/__swift-custom-build.yml generated vendored
View file

@ -49,8 +49,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -69,11 +67,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup

8
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Fetch a CodeQL bundle

8
.github/workflows/__test-proxy.yml generated vendored
View file

@ -39,8 +39,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -59,11 +57,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

10
.github/workflows/__unset-environment.yml generated vendored
View file

@ -25,8 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: ubuntu-latest
@ -53,8 +51,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -73,11 +69,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

8
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -63,11 +61,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init

14
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -25,12 +25,6 @@ jobs:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: windows-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
@ -85,8 +79,6 @@ jobs:
if: >-
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
@ -105,11 +97,7 @@ jobs:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Delete original checkout

11
.github/workflows/debug-artifacts-failure.yml vendored
View file

@ -42,17 +42,6 @@ jobs:
- uses: actions/setup-go@v5
with:
go-version: ^1.13.1
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: |
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}

4
.github/workflows/debug-artifacts.yml vendored
View file

@ -25,7 +25,6 @@ jobs:
- ubuntu-latest
- macos-latest
version:
- stable-20220908
- stable-20221211
- stable-20230418
- stable-v2.13.5
@ -53,7 +52,6 @@ jobs:
uses: actions/setup-python@v5
if: |
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' ||
@ -86,7 +84,7 @@ jobs:
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-20220908 stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
VERSIONS="stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
for os in ubuntu-latest macos-latest; do

12
.github/workflows/pr-checks.yml vendored
View file

@ -95,18 +95,6 @@ jobs:
timeout-minutes: 45
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: |
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- uses: actions/checkout@v4
- name: npm test
run: |

12
.github/workflows/python-deps.yml vendored
View file

@ -36,18 +36,6 @@ jobs:
PYTHON_VERSION: ${{ matrix.python_version }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: |
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4

2
CHANGELOG.md
View file

@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
## [UNRELEASED]
No user facing changes.
- The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
## 3.22.12 - 22 Dec 2023

16
lib/codeql.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = exports.CommandInvocationError = void 0;
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CommandInvocationError = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const core = __importStar(require("@actions/core"));
@ -73,7 +73,7 @@ let cachedCodeQL = undefined;
* The version flags below can be used to conditionally enable certain features
* on versions newer than this.
*/
const CODEQL_MINIMUM_VERSION = "2.10.5";
const CODEQL_MINIMUM_VERSION = "2.11.6";
/**
* This version will shortly become the oldest version of CodeQL that the Action will run with.
*/
@ -92,13 +92,7 @@ const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
* flag is older than the oldest supported version above, it may be removed.
*/
/**
* Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via
* `codeql database export-diagnostics` or `codeql diagnostics export`.
*/
exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
/**
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language.
*/
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@ -503,6 +497,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
addSnippetsFlag,
"--print-diagnostics-summary",
"--print-metrics-summary",
"--sarif-add-baseline-file-info",
"--sarif-add-query-help",
"--sarif-group-rules-by-pack",
...(await getCodeScanningConfigExportArguments(config, this)),
@ -511,9 +506,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (automationDetailsId !== undefined) {
codeqlArgs.push("--sarif-category", automationDetailsId);
}
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
codeqlArgs.push("--sarif-add-baseline-file-info");
}
if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage");
}

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

18
lib/codeql.test.js generated
View file

@ -604,24 +604,6 @@ const injectedConfigMacro = ava_1.default.macro({
t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
});
});
(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.3"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
});
(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.2"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
});
const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
{
codeqlVersion: "2.15.0",

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/feature-flags.js generated
View file

@ -75,7 +75,7 @@ exports.featureConfig = {
},
[Feature.CliConfigFileEnabled]: {
envVar: "CODEQL_PASS_CONFIG_TO_CLI",
minimumVersion: "2.11.6",
minimumVersion: undefined,
defaultValue: true,
},
[Feature.EvaluatorFineGrainedParallelismEnabled]: {

2
lib/feature-flags.js.map
View file

File diff suppressed because one or more lines are too long

5
lib/init-action-post-helper.js generated
View file

@ -49,10 +49,6 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
if (!config.codeQLCmd) {
return { upload_failed_run_skipped_because: "CodeQL command not found" };
}
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_EXPORT_FAILED_SARIF))) {
return { upload_failed_run_skipped_because: "Unsupported by CodeQL CLI" };
}
const workflow = await (0, workflow_1.getWorkflow)(logger);
const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
@ -64,6 +60,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
const databasePath = config.dbLocation;
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
const sarifFile = "../codeql-failed-run.sarif";
// If there is no database or the feature flag is off, we run 'export diagnostics'
if (databasePath === undefined ||

2
lib/init-action-post-helper.js.map
View file

File diff suppressed because one or more lines are too long

36
lib/upload-lib.js generated
View file

@ -26,10 +26,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.pruneInvalidResults = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = void 0;
exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const process_1 = require("process");
const zlib_1 = __importDefault(require("zlib"));
const core = __importStar(require("@actions/core"));
const file_url_1 = __importDefault(require("file-url"));
@ -264,8 +263,6 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
let sarif = combineSarifFiles(sarifFiles);
sarif = await fingerprints.addFingerprints(sarif, sourceRoot, logger);
sarif = populateRunAutomationDetails(sarif, category, analysisKey, environment);
if (process_1.env["CODEQL_DISABLE_SARIF_PRUNING"] !== "true")
sarif = pruneInvalidResults(sarif, logger);
const toolNames = util.getToolNames(sarif);
validateUniqueCategory(sarif);
const sarifPayload = JSON.stringify(sarif);
@ -432,37 +429,6 @@ exports.validateUniqueCategory = validateUniqueCategory;
function sanitize(str) {
return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
}
function pruneInvalidResults(sarif, logger) {
let pruned = 0;
const newRuns = [];
for (const run of sarif.runs || []) {
if (run.tool?.driver?.name === "CodeQL" &&
run.tool?.driver?.semanticVersion === "2.11.2") {
// Version 2.11.2 of the CodeQL CLI had many false positives in the
// rb/weak-cryptographic-algorithm query which we prune here. The
// issue is tracked in https://github.com/github/codeql/issues/11107.
const newResults = [];
for (const result of run.results || []) {
if (result.ruleId === "rb/weak-cryptographic-algorithm" &&
(result.message?.text?.includes(" MD5 ") ||
result.message?.text?.includes(" SHA1 "))) {
pruned += 1;
continue;
}
newResults.push(result);
}
newRuns.push({ ...run, results: newResults });
}
else {
newRuns.push(run);
}
}
if (pruned > 0) {
logger.info(`Pruned ${pruned} results believed to be invalid from SARIF file.`);
}
return { ...sarif, runs: newRuns };
}
exports.pruneInvalidResults = pruneInvalidResults;
/**
* An error that occurred due to an invalid SARIF upload request.
*/

2
lib/upload-lib.js.map
View file

File diff suppressed because one or more lines are too long

100
lib/upload-lib.test.js generated
View file

@ -32,7 +32,6 @@ const ava_1 = __importDefault(require("ava"));
const logging_1 = require("./logging");
const testing_utils_1 = require("./testing-utils");
const uploadLib = __importStar(require("./upload-lib"));
const upload_lib_1 = require("./upload-lib");
const util_1 = require("./util");
(0, testing_utils_1.setupTests)(ava_1.default);
ava_1.default.beforeEach(() => {
@ -184,55 +183,6 @@ ava_1.default.beforeEach(() => {
t.throws(() => uploadLib.validateUniqueCategory(sarif1));
t.throws(() => uploadLib.validateUniqueCategory(sarif2));
});
(0, ava_1.default)("pruneInvalidResults", (t) => {
const loggedMessages = [];
const mockLogger = {
info: (message) => {
loggedMessages.push(message);
},
};
const sarif = {
runs: [
{
tool: otherTool,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
{
tool: affectedCodeQLVersion,
results: [
resultWithOtherRuleId,
resultWithBadMessage1,
resultWithBadMessage2,
resultWithGoodMessage,
],
},
{
tool: unaffectedCodeQLVersion,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
],
};
const result = (0, upload_lib_1.pruneInvalidResults)(sarif, mockLogger);
const expected = {
runs: [
{
tool: otherTool,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
{
tool: affectedCodeQLVersion,
results: [resultWithOtherRuleId, resultWithGoodMessage],
},
{
tool: unaffectedCodeQLVersion,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
],
};
t.deepEqual(result, expected);
t.deepEqual(loggedMessages.length, 1);
t.assert(loggedMessages[0].includes("Pruned 2 results"));
});
(0, ava_1.default)("accept results with invalid artifactLocation.uri value", (t) => {
const loggedMessages = [];
const mockLogger = {
@ -245,56 +195,6 @@ ava_1.default.beforeEach(() => {
t.deepEqual(loggedMessages.length, 1);
t.deepEqual(loggedMessages[0], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
});
const affectedCodeQLVersion = {
driver: {
name: "CodeQL",
semanticVersion: "2.11.2",
},
};
const unaffectedCodeQLVersion = {
driver: {
name: "CodeQL",
semanticVersion: "2.11.3",
},
};
const otherTool = {
driver: {
name: "Some other tool",
semanticVersion: "2.11.2",
},
};
const resultWithOtherRuleId = {
ruleId: "doNotPrune",
message: {
text: "should not be pruned even though it says MD5 in it",
},
locations: [],
partialFingerprints: {},
};
const resultWithGoodMessage = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should not be pruned SHA128 is not a FP",
},
locations: [],
partialFingerprints: {},
};
const resultWithBadMessage1 = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should be pruned MD5 is a FP",
},
locations: [],
partialFingerprints: {},
};
const resultWithBadMessage2 = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should be pruned SHA1 is a FP",
},
locations: [],
partialFingerprints: {},
};
function createMockSarif(id, tool) {
return {
runs: [

2
lib/upload-lib.test.js.map
View file

File diff suppressed because one or more lines are too long

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.22.13",
"version": "3.23.0",
"lockfileVersion": 3,
"requires": true,
"packages": {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "3.22.13",
"version": "3.23.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "3.22.13",
"version": "3.23.0",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^1.1.2",

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.22.13",
"version": "3.23.0",
"private": true,
"description": "CodeQL action",
"scripts": {

14
pr-checks/sync.py
View file

@ -7,9 +7,7 @@ import textwrap
# The default set of CodeQL Bundle versions to use for the PR checks.
defaultTestVersions = [
# The oldest supported CodeQL version: 2.10.5. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20220908",
# The last CodeQL release in the 2.11 series: 2.11.6.
# The oldest supported CodeQL version: 2.11.6. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20221211",
# The last CodeQL release in the 2.12 series: 2.12.7.
"stable-20230418",
@ -81,7 +79,6 @@ for file in (this_dir / 'checks').glob('*.yml'):
# of the generated workflow.
'if': FoldedScalarString(textwrap.dedent('''
matrix.os == 'macos-latest' && (
matrix.version == 'stable-20220908' ||
matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' ||
@ -107,14 +104,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
# We don't support Swift on Windows or prior versions of the CLI.
{
'name': 'Set environment variable for Swift enablement',
# Ensure that this is serialized as a folded (`>`) string to preserve the readability
# of the generated workflow.
'if': FoldedScalarString(textwrap.dedent('''
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
''').strip()),
'if': "runner.os != 'Windows' && matrix.version == '20221211'",
'shell': 'bash',
'run': 'echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV'
},

52
src/codeql.test.ts
View file

@ -951,58 +951,6 @@ test("does not pass a qlconfig to the CLI when it is undefined", async (t: Execu
});
});
test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.3"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults(
"",
[],
"",
"",
"",
"-v",
"",
stubConfig,
createFeatures([]),
getRunnerLogger(true),
);
t.true(
runnerConstructorStub.firstCall.args[1].includes(
"--sarif-add-baseline-file-info",
),
"--sarif-add-baseline-file-info should be present, but it is absent",
);
});
test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.2"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults(
"",
[],
"",
"",
"",
"-v",
"",
stubConfig,
createFeatures([]),
getRunnerLogger(true),
);
t.false(
runnerConstructorStub.firstCall.args[1].includes(
"--sarif-add-baseline-file-info",
),
"--sarif-add-baseline-file-info must be absent, but it is present",
);
});
const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
{
codeqlVersion: "2.15.0",

21
src/codeql.ts
View file

@ -293,7 +293,7 @@ let cachedCodeQL: CodeQL | undefined = undefined;
* The version flags below can be used to conditionally enable certain features
* on versions newer than this.
*/
const CODEQL_MINIMUM_VERSION = "2.10.5";
const CODEQL_MINIMUM_VERSION = "2.11.6";
/**
* This version will shortly become the oldest version of CodeQL that the Action will run with.
@ -317,15 +317,7 @@ const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
*/
/**
* Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via
* `codeql database export-diagnostics` or `codeql diagnostics export`.
*/
export const CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
/**
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language.
*/
export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@ -894,6 +886,7 @@ export async function getCodeQLForCmd(
addSnippetsFlag,
"--print-diagnostics-summary",
"--print-metrics-summary",
"--sarif-add-baseline-file-info",
"--sarif-add-query-help",
"--sarif-group-rules-by-pack",
...(await getCodeScanningConfigExportArguments(config, this)),
@ -902,14 +895,6 @@ export async function getCodeQLForCmd(
if (automationDetailsId !== undefined) {
codeqlArgs.push("--sarif-category", automationDetailsId);
}
if (
await util.codeQlVersionAbove(
this,
CODEQL_VERSION_FILE_BASELINE_INFORMATION,
)
) {
codeqlArgs.push("--sarif-add-baseline-file-info");
}
if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage");
} else if (

2
src/feature-flags.ts
View file

@ -75,7 +75,7 @@ export const featureConfig: Record<
},
[Feature.CliConfigFileEnabled]: {
envVar: "CODEQL_PASS_CONFIG_TO_CLI",
minimumVersion: "2.11.6",
minimumVersion: undefined,
defaultValue: true,
},
[Feature.EvaluatorFineGrainedParallelismEnabled]: {

8
src/init-action-post-helper.ts
View file

@ -1,6 +1,6 @@
import * as actionsUtil from "./actions-util";
import { getApiClient } from "./api-client";
import { CODEQL_VERSION_EXPORT_FAILED_SARIF, getCodeQL } from "./codeql";
import { getCodeQL } from "./codeql";
import { Config, getConfig } from "./config-utils";
import { EnvVar } from "./environment";
import { Feature, FeatureEnablement } from "./feature-flags";
@ -8,7 +8,6 @@ import { Logger } from "./logging";
import { RepositoryNwo, parseRepositoryNwo } from "./repository";
import * as uploadLib from "./upload-lib";
import {
codeQlVersionAbove,
delay,
getErrorMessage,
getRequiredEnvParam,
@ -58,10 +57,6 @@ async function maybeUploadFailedSarif(
if (!config.codeQLCmd) {
return { upload_failed_run_skipped_because: "CodeQL command not found" };
}
const codeql = await getCodeQL(config.codeQLCmd);
if (!(await codeQlVersionAbove(codeql, CODEQL_VERSION_EXPORT_FAILED_SARIF))) {
return { upload_failed_run_skipped_because: "Unsupported by CodeQL CLI" };
}
const workflow = await getWorkflow(logger);
const jobName = getRequiredEnvParam("GITHUB_JOB");
const matrix = parseMatrixInput(actionsUtil.getRequiredInput("matrix"));
@ -78,6 +73,7 @@ async function maybeUploadFailedSarif(
const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
const databasePath = config.dbLocation;
const codeql = await getCodeQL(config.codeQLCmd);
const sarifFile = "../codeql-failed-run.sarif";
// If there is no database or the feature flag is off, we run 'export diagnostics'

112
src/upload-lib.test.ts
View file

@ -6,8 +6,7 @@ import test from "ava";
import { getRunnerLogger, Logger } from "./logging";
import { setupTests } from "./testing-utils";
import * as uploadLib from "./upload-lib";
import { pruneInvalidResults } from "./upload-lib";
import { initializeEnvironment, SarifFile, withTmpDir } from "./util";
import { initializeEnvironment, withTmpDir } from "./util";
setupTests(test);
@ -307,59 +306,6 @@ test("validateUniqueCategory for multiple runs", (t) => {
t.throws(() => uploadLib.validateUniqueCategory(sarif2));
});
test("pruneInvalidResults", (t) => {
const loggedMessages: string[] = [];
const mockLogger = {
info: (message: string) => {
loggedMessages.push(message);
},
} as Logger;
const sarif: SarifFile = {
runs: [
{
tool: otherTool,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
{
tool: affectedCodeQLVersion,
results: [
resultWithOtherRuleId,
resultWithBadMessage1,
resultWithBadMessage2,
resultWithGoodMessage,
],
},
{
tool: unaffectedCodeQLVersion,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
],
};
const result = pruneInvalidResults(sarif, mockLogger);
const expected: SarifFile = {
runs: [
{
tool: otherTool,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
{
tool: affectedCodeQLVersion,
results: [resultWithOtherRuleId, resultWithGoodMessage],
},
{
tool: unaffectedCodeQLVersion,
results: [resultWithBadMessage1, resultWithGoodMessage],
},
],
};
t.deepEqual(result, expected);
t.deepEqual(loggedMessages.length, 1);
t.assert(loggedMessages[0].includes("Pruned 2 results"));
});
test("accept results with invalid artifactLocation.uri value", (t) => {
const loggedMessages: string[] = [];
const mockLogger = {
@ -377,62 +323,6 @@ test("accept results with invalid artifactLocation.uri value", (t) => {
"Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.",
);
});
const affectedCodeQLVersion = {
driver: {
name: "CodeQL",
semanticVersion: "2.11.2",
},
};
const unaffectedCodeQLVersion = {
driver: {
name: "CodeQL",
semanticVersion: "2.11.3",
},
};
const otherTool = {
driver: {
name: "Some other tool",
semanticVersion: "2.11.2",
},
};
const resultWithOtherRuleId = {
ruleId: "doNotPrune",
message: {
text: "should not be pruned even though it says MD5 in it",
},
locations: [],
partialFingerprints: {},
};
const resultWithGoodMessage = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should not be pruned SHA128 is not a FP",
},
locations: [],
partialFingerprints: {},
};
const resultWithBadMessage1 = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should be pruned MD5 is a FP",
},
locations: [],
partialFingerprints: {},
};
const resultWithBadMessage2 = {
ruleId: "rb/weak-cryptographic-algorithm",
message: {
text: "should be pruned SHA1 is a FP",
},
locations: [],
partialFingerprints: {},
};
function createMockSarif(id?: string, tool?: string) {
return {

45
src/upload-lib.ts
View file

@ -1,6 +1,5 @@
import * as fs from "fs";
import * as path from "path";
import { env } from "process";
import zlib from "zlib";
import * as core from "@actions/core";
@ -15,7 +14,7 @@ import * as fingerprints from "./fingerprints";
import { Logger } from "./logging";
import { parseRepositoryNwo, RepositoryNwo } from "./repository";
import * as util from "./util";
import { SarifFile, SarifResult, SarifRun, UserError, wrapError } from "./util";
import { SarifFile, UserError, wrapError } from "./util";
// Takes a list of paths to sarif files and combines them together,
// returning the contents of the combined sarif file.
@ -372,9 +371,6 @@ async function uploadFiles(
environment,
);
if (env["CODEQL_DISABLE_SARIF_PRUNING"] !== "true")
sarif = pruneInvalidResults(sarif, logger);
const toolNames = util.getToolNames(sarif);
validateUniqueCategory(sarif);
@ -596,45 +592,6 @@ function sanitize(str?: string) {
return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
}
export function pruneInvalidResults(
sarif: SarifFile,
logger: Logger,
): SarifFile {
let pruned = 0;
const newRuns: SarifRun[] = [];
for (const run of sarif.runs || []) {
if (
run.tool?.driver?.name === "CodeQL" &&
run.tool?.driver?.semanticVersion === "2.11.2"
) {
// Version 2.11.2 of the CodeQL CLI had many false positives in the
// rb/weak-cryptographic-algorithm query which we prune here. The
// issue is tracked in https://github.com/github/codeql/issues/11107.
const newResults: SarifResult[] = [];
for (const result of run.results || []) {
if (
result.ruleId === "rb/weak-cryptographic-algorithm" &&
(result.message?.text?.includes(" MD5 ") ||
result.message?.text?.includes(" SHA1 "))
) {
pruned += 1;
continue;
}
newResults.push(result);
}
newRuns.push({ ...run, results: newResults });
} else {
newRuns.push(run);
}
}
if (pruned > 0) {
logger.info(
`Pruned ${pruned} results believed to be invalid from SARIF file.`,
);
}
return { ...sarif, runs: newRuns };
}
/**
* An error that occurred due to an invalid SARIF upload request.
*/