Merge pull request #837 from github/aeisenberg/cli-2.7.3

Bump default CodeQL version to 2.7.3
2021-12-08 09:02:37 -08:00 · 2021-12-08 09:02:37 -08:00 · eebe7c46f1
commit eebe7c46f1
parent 0dbcb55617 dc32d5448f
7 changed files with 30 additions and 6 deletions
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@ -370,6 +370,9 @@ jobs:
        run: |
          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}

+      - name: Initialize dotnet
+        run: dotnet restore
+
      - name: Build code
        shell: bash
        run: |
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,7 @@

 ## [UNRELEASED]

-No user facing changes.
+- Update default CodeQL bundle version to 2.7.3. [#837](https://github.com/github/codeql-action/pull/837)

 ## 1.0.25 - 06 Dec 2021

--- a/lib/codeql.js
+++ b/lib/codeql.js
@ -461,7 +461,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                "-Dhttp.keepAlive=false",
                "-Dmaven.wagon.http.pool=false",
            ].join(" ");
-            await runTool(autobuildCmd);
+            const runnerExecutable = process.env["CODEQL_RUNNER"] || "";
+            // On Mac, prefixing with the runner executable is required to handle System Integrity Protection.
+            if (runnerExecutable) {
+                // Earlier steps (init) are expected to have written the runner executable path
+                // to the tracing environment, and the current step is expected to have
+                // correctly loaded that environment.
+                await runTool(runnerExecutable, [autobuildCmd]);
+            }
+            else {
+                // Fallback in case CODEQL_RUNNER wasn't correctly set or loaded.
+                await runTool(autobuildCmd);
+            }
        },
        async extractScannedLanguage(databasePath, language) {
            // Get extractor location
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/defaults.json
+++ b/lib/defaults.json
@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20211122"
+    "bundleVersion": "codeql-bundle-20211207"
 }
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -732,7 +732,17 @@ async function getCodeQLForCmd(
        "-Dmaven.wagon.http.pool=false",
      ].join(" ");

-      await runTool(autobuildCmd);
+      const runnerExecutable = process.env["CODEQL_RUNNER"] || "";
+      // On Mac, prefixing with the runner executable is required to handle System Integrity Protection.
+      if (runnerExecutable) {
+        // Earlier steps (init) are expected to have written the runner executable path
+        // to the tracing environment, and the current step is expected to have
+        // correctly loaded that environment.
+        await runTool(runnerExecutable, [autobuildCmd]);
+      } else {
+        // Fallback in case CODEQL_RUNNER wasn't correctly set or loaded.
+        await runTool(autobuildCmd);
+      }
    },
    async extractScannedLanguage(databasePath: string, language: Language) {
      // Get extractor location
--- a/src/defaults.json
+++ b/src/defaults.json
@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20211122"
+  "bundleVersion": "codeql-bundle-20211207"
 }