robojerk/codeql-action

Log warning if SIP is disabled and CLI version is < 2.15.1 (#2261)

Browse source 
* PR Checks: use `macos-12` runners for CLI v. < 2.15.1

Prior to CLI v2.15.1, MacOS ARM runners were not supported by the build tracer. "macos-latest" is now an ARM runner, so we run these tests on the old CLIs on Intel runners instead.

* Log a warning if SIP is disabled and CLI is < 2.15.1

* Add changenote for SIP-disabled support on old CLI versions

* Set up Python 3.11 for all MacOS checks
This commit is contained in:
Angela P Wen 2024-04-25 15:20:13 -07:00 committed by GitHub
parent 0ad7791640
commit ac2f82a1ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
74 changed files with 251 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/codeql.ts
View file

@ -597,7 +597,7 @@ export async function getCodeQLForCmd(
}
if (
await util.codeQlVersionAbove(
await util.codeQlVersionAtLeast(
this,
CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG,
)
@ -608,7 +608,7 @@ export async function getCodeQLForCmd(
if (await isSublanguageFileCoverageEnabled(config, this)) {
extraArgs.push("--sublanguage-file-coverage");
} else if (
await util.codeQlVersionAbove(
await util.codeQlVersionAtLeast(
this,
CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE,
)
@ -842,7 +842,7 @@ export async function getCodeQLForCmd(
}),
];
if (
await util.codeQlVersionAbove(
await util.codeQlVersionAtLeast(
this,
CODEQL_VERSION_FINE_GRAINED_PARALLELISM,
)
@ -897,7 +897,7 @@ export async function getCodeQLForCmd(
if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage");
} else if (
await util.codeQlVersionAbove(
await util.codeQlVersionAtLeast(
this,
CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE,
)
@ -910,7 +910,7 @@ export async function getCodeQLForCmd(
codeqlArgs.push("--no-sarif-include-diagnostics");
}
if (
(await util.codeQlVersionAbove(
(await util.codeQlVersionAtLeast(
this,
CODEQL_VERSION_ANALYSIS_SUMMARY_V2,
)) &&
@ -1144,7 +1144,7 @@ export async function getCodeQLForCmd(
// CodeQL object is created.
if (
checkVersion &&
!(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))
!(await util.codeQlVersionAtLeast(codeql, CODEQL_MINIMUM_VERSION))
) {
throw new util.ConfigurationError(
`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${
@ -1154,7 +1154,7 @@ export async function getCodeQLForCmd(
} else if (
checkVersion &&
process.env[EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
!(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))
!(await util.codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION))
) {
const result = await codeql.getVersion();
core.warning(
@ -1403,14 +1403,16 @@ export function getGeneratedCodeScanningConfigPath(config: Config): string {
async function isDiagnosticsExportInvalidSarifFixed(
codeql: CodeQL,
): Promise<boolean> {
return await util.codeQlVersionAbove(
return await util.codeQlVersionAtLeast(
codeql,
CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED,
);
}
async function getLanguageAliasingArguments(codeql: CodeQL): Promise<string[]> {
if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_LANGUAGE_ALIASING)) {
if (
await util.codeQlVersionAtLeast(codeql, CODEQL_VERSION_LANGUAGE_ALIASING)
) {
return ["--extractor-include-aliases"];
}
return [];
@ -1424,7 +1426,7 @@ async function isSublanguageFileCoverageEnabled(
// Sub-language file coverage is first supported in GHES 3.12.
(config.gitHubVersion.type !== util.GitHubVariant.GHES ||
semver.gte(config.gitHubVersion.version, "3.12.0")) &&
(await util.codeQlVersionAbove(
(await util.codeQlVersionAtLeast(
codeql,
CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE,
))
@ -1435,7 +1437,7 @@ async function getCodeScanningQueryHelpArguments(
codeql: CodeQL,
): Promise<string[]> {
if (
await util.codeQlVersionAbove(codeql, CODEQL_VERSION_INCLUDE_QUERY_HELP)
await util.codeQlVersionAtLeast(codeql, CODEQL_VERSION_INCLUDE_QUERY_HELP)
) {
return ["--sarif-include-query-help=always"];
}