diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 384d2dca48..6ed442b27f 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: all-platform-bundle: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: All-platform bundle permissions: contents: read 
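Review bot: Every workflow in this diff gets the identical trigger `cron: '0 5 * * *'` (here and in the first hunk of each of the other `__*.yml` files), so all job matrices are queued in the same minute at the top of an hour, which is when GitHub documents that scheduled runs may be delayed or dropped under load. Scheduled events also run only against the default branch, so the `releases/v*` branches listed under `push` would not get this nightly coverage; that may be intended, but it is not stated anywhere in the hunk. I would offset the minute per workflow (if these files come from a generator, it could derive the offset from the file name) and add a comment above the trigger stating its purpose, for example `# Nightly run to catch breakage from new nightly-latest bundles` if that is the intent. The `on:` block starts at the hunk's first context lines and the job definition continues past `permissions: contents: read`, so any further permissions granted to the scheduled run are not visible here.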
@@ -34,44 +36,44 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'true' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - id: init - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'true' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - id: init + uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift 
+ with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 6850a63ab1..8ac1b03a44 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: analyze-ref-input: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default name: "Analyze: 'ref' and 'sha' from inputs" permissions: contents: read 
@@ -38,45 +40,45 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + 
with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 84a0d95055..067800b3df 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: autobuild-action: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest name: autobuild-action permissions: contents: read 
@@ -38,55 +40,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: csharp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - env: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: csharp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + env: # Explicitly disable the CLR tracer. 
- COR_ENABLE_PROFILING: '' - COR_PROFILER: '' - COR_PROFILER_PATH_64: '' - CORECLR_ENABLE_PROFILING: '' - CORECLR_PROFILER: '' - CORECLR_PROFILER_PATH_64: '' - - uses: ./../action/analyze - with: - upload-database: false - - name: Check database - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d csharp ]]; then - echo "Did not find a C# database" - exit 1 - fi + COR_ENABLE_PROFILING: '' + COR_PROFILER: '' + COR_PROFILER_PATH_64: '' + CORECLR_ENABLE_PROFILING: '' + CORECLR_PROFILER: '' + CORECLR_PROFILER_PATH_64: '' + - uses: ./../action/analyze + with: + upload-database: false + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d csharp ]]; then + echo "Did not find a C# database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 288eda9129..fee121d96b 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-autobuild: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode autobuild permissions: contents: read 
@@ -34,55 +36,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Java test repo configuration - run: | - mv * .github ../action/tests/multi-language-repo/ - mv ../action/tests/multi-language-repo/.github/workflows .github - mv ../action/tests/java-repo/* . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Java test repo configuration + run: | + mv * .github ../action/tests/multi-language-repo/ + mv ../action/tests/multi-language-repo/.github/workflows .github + mv ../action/tests/java-repo/* . 
- - uses: ./../action/init - id: init - with: - build-mode: autobuild - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + id: init + with: + build-mode: autobuild + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "autobuild" ]]; then - echo "Expected build mode to be 'autobuild' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "autobuild" ]]; then + echo "Expected build mode to be 'autobuild' but was $build_mode" + exit 1 + fi - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index e762952512..fb67bdefa0 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-manual: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode manual permissions: contents: read 
@@ -34,57 +36,57 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - build-mode: manual - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + build-mode: manual + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - 
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "manual" ]]; then - echo "Expected build mode to be 'manual' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "manual" ]]; then + echo "Expected build mode to be 'manual' but was $build_mode" + exit 1 + fi - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 66dd220dde..b9530efdf8 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -11,24 +11,26 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-none: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: nightly-latest name: Build mode none permissions: contents: read 
@@ -36,53 +38,53 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - build-mode: none - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + build-mode: none + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - 
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "none" ]]; then - echo "Expected build mode to be 'none' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "none" ]]; then + echo "Expected build mode to be 'none' but was $build_mode" + exit 1 + fi # The latest nightly supports omitting the autobuild Action when the build mode is specified. - - uses: ./../action/autobuild - if: matrix.version != 'nightly-latest' + - uses: ./../action/autobuild + if: matrix.version != 'nightly-latest' - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index f44ce2da54..5108f15bdb 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: build-mode-rollback: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Build mode rollback permissions: contents: read 
@@ -34,56 +36,56 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Java test repo configuration - run: | - mv * .github ../action/tests/multi-language-repo/ - mv ../action/tests/multi-language-repo/.github/workflows .github - mv ../action/tests/java-repo/* . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Java test repo configuration + run: | + mv * .github ../action/tests/multi-language-repo/ + mv ../action/tests/multi-language-repo/.github/workflows .github + mv ../action/tests/java-repo/* . 
- - uses: ./../action/init - id: init - with: - build-mode: none - db-location: ${{ runner.temp }}/customDbLocation - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + id: init + with: + build-mode: none + db-location: ${{ runner.temp }}/customDbLocation + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Validate database build mode - run: | - metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" - build_mode=$(yq eval '.buildMode' "$metadata_path") - if [[ "$build_mode" != "autobuild" ]]; then - echo "Expected build mode to be 'autobuild' but was $build_mode" - exit 1 - fi + - name: Validate database build mode + run: | + metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" + build_mode=$(yq eval '.buildMode' "$metadata_path") + if [[ "$build_mode" != "autobuild" ]]; then + echo "Expected build mode to be 'autobuild' but was $build_mode" + exit 1 + fi - - uses: ./../action/analyze + - uses: ./../action/analyze env: CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index eeac29f05b..5862b7ffe6 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml 
@@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: config-export: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Config export permissions: contents: read 
@@ -44,72 +46,72 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: javascript - queries: security-extended - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check config properties appear in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif - with: - script: | - const fs = require('fs'); + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment 
variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: javascript + queries: security-extended + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check config properties appear in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; - const configSummary = run.properties.codeqlConfigSummary; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; + const configSummary = run.properties.codeqlConfigSummary; - if (configSummary === undefined) { - core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); - } - if (configSummary.disableDefaultQueries !== false) { - core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + - `${JSON.stringify(configSummary.disableDefaultQueries)}.`); - } - const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; - // Use JSON.stringify to deep-equal the arrays. 
- if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { - core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + - `${JSON.stringify(configSummary.queries)}.`); - } - core.info('Finished config export tests.'); + if (configSummary === undefined) { + core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); + } + if (configSummary.disableDefaultQueries !== false) { + core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + + `${JSON.stringify(configSummary.disableDefaultQueries)}.`); + } + const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; + // Use JSON.stringify to deep-equal the arrays. + if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { + core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + + `${JSON.stringify(configSummary.queries)}.`); + } + core.info('Finished config export tests.'); env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 2e3b086085..8dd0806f10 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: config-input: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Config input permissions: contents: read 
@@ -34,59 +36,59 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Copy queries into workspace - run: | - cp -a ../action/queries . + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Copy queries into workspace + run: | + cp -a ../action/queries . 
- - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: javascript - build-mode: none - config: | - disable-default-queries: true - queries: - - name: Run custom query - uses: ./queries/default-setup-environment-variables.ql - paths-ignore: - - tests - - lib + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: javascript + build-mode: none + config: | + disable-default-queries: true + queries: + - name: Run custom query + uses: ./queries/default-setup-environment-variables.ql + paths-ignore: + - tests + - lib - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results - - name: Check SARIF - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: javascript/codeql-action/default-setup-env-vars - queries-not-run: javascript/codeql-action/default-setup-context-properties + - name: Check SARIF + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: javascript/codeql-action/default-setup-env-vars + queries-not-run: javascript/codeql-action/default-setup-context-properties env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index d68c72101a..1a5efd492b 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml 
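Review bot: The `if:` on the "Set environment variable for Swift enablement" step in the `__config-input.yml` steps hunk compares `matrix.version == '20221211'`, so the step appears never to run. The "Setup Python on MacOS" step just above it compares against `'stable-20221211'`, and the matrices on this page only use the `stable-` form. If the old bundle is the intended target, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; if the step is obsolete, removing it is cleaner than carrying a dead condition. While touching the line, quote the redirect target: `>> "$GITHUB_ENV"`. The same step is repeated in the steps hunks of the other workflow files in this diff.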
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-disabled: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: 'C/C++: disabling autoinstalling dependencies (Linux)' permissions: contents: read 
@@ -38,51 +40,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash - run: | - if ls /usr/bin/errno; then - echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false + - shell: bash + run: | + if ls /usr/bin/errno; then + echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 1f86c061aa..65b47f2e5d 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-enabled-on-macos: strategy: matrix: include: - - os: macos-latest - version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'C/C++: autoinstalling dependencies is skipped (macOS)' permissions: contents: read 
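Review bot: The final check in the `__cpp-deptrace-disabled.yml` steps hunk tests for the binary with `if ls /usr/bin/errno; then`, which writes either a listing or a "No such file" error into the job log, so the passing case reads like a failure. `if [[ -e /usr/bin/errno ]]; then` states the intent and stays quiet. The `if ! ls /usr/bin/errno; then` checks in `__cpp-deptrace-enabled-on-macos.yml` and `__cpp-deptrace-enabled.yml` would change the same way. Separately, `CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false` is a YAML boolean while the job-level `DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'` is quoted; quoting both keeps the env values explicitly strings.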
@@ -34,53 +36,53 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | - if ! 
ls /usr/bin/errno; then - echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" - else - echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true + - shell: bash + run: | + if ! ls /usr/bin/errno; then + echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" + else + echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index ba99f61f1d..c4e9ddeb6c 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml 
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: cpp-deptrace-enabled: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: 'C/C++: autoinstalling dependencies (Linux)' permissions: contents: read 
@@ -38,51 +40,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - cp -a ../action/tests/cpp-autobuild autobuild-dir - - uses: ./../action/init - with: - languages: cpp - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - env: - CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | - if ! 
ls /usr/bin/errno; then - echo "Did not autoinstall errno" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + cp -a ../action/tests/cpp-autobuild autobuild-dir + - uses: ./../action/init + with: + languages: cpp + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + env: + CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true + - shell: bash + run: | + if ! ls /usr/bin/errno; then + echo "Did not autoinstall errno" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 47983a3081..b39122cb5e 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml 
@@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diagnostics-export: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20230317 - - os: macos-latest - version: stable-20230317 - - os: windows-latest - version: stable-20230317 - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20230317 + - os: macos-latest + version: stable-20230317 + - os: windows-latest + version: stable-20230317 + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Diagnostic export permissions: contents: read 
@@ -50,113 +52,113 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Add test diagnostics - shell: bash - env: - CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} - run: | - for i in {1..2}; do - # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that - # produces an invalid diagnostic with multiple identical location objects. 
- "$CODEQL_PATH" database add-diagnostic \ - "$RUNNER_TEMP/codeql_databases/javascript" \ - --file-path /path/to/file \ - --plaintext-message "Plaintext message $i" \ - --source-id "lang/diagnostics/example" \ - --source-name "Diagnostic name" \ - --ready-for-status-page - done - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check diagnostics appear in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif - with: - script: | - const fs = require('fs'); + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Add test diagnostics + shell: bash + env: + CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} + run: | + for i in {1..2}; do + # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that + # produces an invalid diagnostic with multiple identical location objects. 
+ "$CODEQL_PATH" database add-diagnostic \ + "$RUNNER_TEMP/codeql_databases/javascript" \ + --file-path /path/to/file \ + --plaintext-message "Plaintext message $i" \ + --source-id "lang/diagnostics/example" \ + --source-name "Diagnostic name" \ + --ready-for-status-page + done + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check diagnostics appear in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); - function checkStatusPageNotification(n) { - const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.'; - if (n.message.text !== expectedMessage) { - core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`); + function checkStatusPageNotification(n) { + const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. 
See the workflow log for details.'; + if (n.message.text !== expectedMessage) { + core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`); + } + if (n.locations.length !== 1) { + core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); + } } - if (n.locations.length !== 1) { - core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); - } - } - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; - const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; - const statusPageNotifications = toolExecutionNotifications.filter(n => - n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage - ); - if (statusPageNotifications.length !== 1) { - core.setFailed( - 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + - `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + - `${statusPageNotifications.length}. All notification reporting descriptors: ` + - `${JSON.stringify(toolExecutionNotifications)}.` + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const statusPageNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage ); - } - checkStatusPageNotification(statusPageNotifications[0]); + if (statusPageNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${statusPageNotifications.length}. 
All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } + checkStatusPageNotification(statusPageNotifications[0]); - const notifications = run.tool.driver.notifications; - const diagnosticNotification = notifications.filter(n => - n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' && - n.fullDescription.text === 'Diagnostic name' - ); - if (diagnosticNotification.length !== 1) { - core.setFailed( - 'Expected exactly one notification for this diagnostic in the ' + - `'runs[].tool.driver.notifications[]' SARIF property, but found ` + - `${diagnosticNotification.length}. All notifications: ` + - `${JSON.stringify(notifications)}.` + const notifications = run.tool.driver.notifications; + const diagnosticNotification = notifications.filter(n => + n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' && + n.fullDescription.text === 'Diagnostic name' ); - } + if (diagnosticNotification.length !== 1) { + core.setFailed( + 'Expected exactly one notification for this diagnostic in the ' + + `'runs[].tool.driver.notifications[]' SARIF property, but found ` + + `${diagnosticNotification.length}. All notifications: ` + + `${JSON.stringify(notifications)}.` + ); + } - core.info('Finished diagnostic export test'); + core.info('Finished diagnostic export test'); env: CODEQL_ACTION_EXPORT_DIAGNOSTICS: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index c395a5655d..8206163f4a 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml 
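Review bot: In the "Check diagnostics appear in SARIF" script of the `__diagnostics-export.yml` steps hunk, `core.setFailed(...)` records the failure but does not stop the script. When `statusPageNotifications.length` is 0, the following `checkStatusPageNotification(statusPageNotifications[0])` dereferences `undefined`, and the step ends with a TypeError on `n.message` instead of the prepared explanation. github-script runs the script as an async function body, so the guard can bail out with `return core.setFailed(...)`, or the call can be wrapped in `if (statusPageNotifications.length === 1)`. The config-export check at the top of this page has the same shape: `configSummary === undefined` is reported and then `configSummary.disableDefaultQueries` is read anyway.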
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: export-file-baseline-information: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Export file baseline information permissions: contents: read 
@@ -38,72 +40,72 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - - name: Upload SARIF - uses: actions/upload-artifact@v3 - with: - name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Check results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - expected_baseline_languages="c csharp go java kotlin javascript python ruby" - if [[ $RUNNER_OS != "Windows" ]]; then - expected_baseline_languages+=" swift" - fi - - for lang in ${expected_baseline_languages}; do - rule_name="cli/expected-extracted-files/${lang}" - found_notification=$(jq --arg 
rule_name "${rule_name}" '[.runs[0].tool.driver.notifications | - select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif) - if [[ "${found_notification}" != "true" ]]; then - echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification." - exit 1 - else - echo "Found notification '${rule_name}'." + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + expected_baseline_languages="c csharp go java kotlin javascript python ruby" + if [[ $RUNNER_OS != "Windows" ]]; then + expected_baseline_languages+=" swift" fi - done + + for lang in ${expected_baseline_languages}; do + rule_name="cli/expected-extracted-files/${lang}" + found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications | + select(. != null) | flatten | .[].id] | any(. 
== $rule_name)' javascript.sarif) + if [[ "${found_notification}" != "true" ]]; then + echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification." + exit 1 + else + echo "Found notification '${rule_name}'." + fi + done env: CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 5823fa50ad..17450c0321 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: extractor-ram-threads: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Extractor ram and threads options test permissions: contents: read 
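Review bot: The "Upload SARIF" step in the `__export-file-baseline-information.yml` steps hunk references `actions/upload-artifact@v3`, a mutable tag on a major version that GitHub has deprecated. The same reference appears in the `__diagnostics-export.yml` steps hunk and in the config-export steps at the top of this page. Since these workflows run on `pull_request` and now nightly, I would pin each third-party action to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # v4`, and do the same for `actions/checkout@v4`, `actions/setup-python@v5` and `actions/github-script@v7`. The artifact names already include `${{ matrix.os }}` and `${{ matrix.version }}`, so v4's rule that an artifact name cannot be uploaded twice in one run should be satisfied.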
@@ -34,55 +36,55 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: java - ram: 230 - threads: 1 - - name: Assert Results - shell: bash - run: | - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set 
environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: java + ram: 230 + threads: 1 + - name: Assert Results + shell: bash + run: | + if [ "${CODEQL_RAM}" != "230" ]; then + echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then + echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" + exit 1 + fi + if [ "${CODEQL_THREADS}" != "1" ]; then + echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" + exit 1 + fi + if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then + echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index d8db274075..be2169b41c 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml 
@@ -11,62 +11,64 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-custom-queries: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: windows-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: windows-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: windows-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: windows-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: windows-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: windows-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: windows-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: 
windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Go: Custom queries' permissions: contents: read 
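Review bot: The added `schedule` trigger uses `cron: '0 5 * * *'`, and the same expression is added to every workflow file in this diff, so they all start at the same minute at the top of an hour; this workflow alone fans out into 21 matrix jobs. GitHub documents that scheduled runs can be delayed or dropped under load, most often at the start of an hour. An off-peak minute staggered per workflow, for example `- cron: '17 5 * * *'`, would make the nightly signal more reliable. Scheduled runs also execute only against the default branch, so the `releases/v*` branches listed under `push` get no nightly coverage from this trigger. A comment such as `# nightly run, default branch only` above the cron line would make that explicit.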
@@ -74,43 +76,43 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: go - config-file: ./.github/codeql/custom-queries.yml - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: go + config-file: ./.github/codeql/custom-queries.yml + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: 
./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 19b5744110..cc3541630a 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-indirect-tracing-workaround-diagnostic: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.14.6 + - os: ubuntu-latest + version: stable-v2.14.6 name: 'Go: diagnostic when Go is changed after init step' permissions: contents: read 
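Review bot: The external actions in this `steps:` hunk are referenced by mutable tags (`actions/setup-python@v5`, `actions/checkout@v4`), so the code that runs in CI can change without any commit in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes the dependency reviewable and lets an update bot bump it deliberately. The same applies to `actions/setup-go@v5` and `actions/github-script@v7` in the later hunks of this diff. The job-level settings for these steps begin outside this hunk.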
@@ -34,73 +36,73 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: # We need a Go version that ships with statically linked binaries on Linux - go-version: '>=1.21.0' - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} + go-version: '>=1.21.0' + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} # Deliberately change Go after the `init` step - - uses: 
actions/setup-go@v5 - with: - go-version: '1.20' - - name: Build code - shell: bash - run: go build main.go - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Check diagnostic appears in SARIF - uses: actions/github-script@v7 - env: - SARIF_PATH: ${{ runner.temp }}/results/go.sarif - with: - script: | - const fs = require('fs'); + - uses: actions/setup-go@v5 + with: + go-version: '1.20' + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Check diagnostic appears in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/go.sarif + with: + script: | + const fs = require('fs'); - const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); - const run = sarif.runs[0]; + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; - const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; - const statusPageNotifications = toolExecutionNotifications.filter(n => - n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage - ); - if (statusPageNotifications.length !== 1) { - core.setFailed( - 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + - `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + - `${statusPageNotifications.length}. 
All notification reporting descriptors: ` + - `${JSON.stringify(toolExecutionNotifications)}.` + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const statusPageNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage ); - } + if (statusPageNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${statusPageNotifications.length}. All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 11c164fa59..3dd584fc16 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-indirect-tracing-workaround: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.14.6 + - os: ubuntu-latest + version: stable-v2.14.6 name: 'Go: workaround for indirect tracing' permissions: contents: read 
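Review bot: The `Check diagnostic appears in SARIF` script dereferences `sarif.runs[0]`, `run.invocations[0].toolExecutionNotifications` and `n.descriptor.id` without guards. If the SARIF file has no invocation or no notifications at all, which is the failure this test exists to catch, the step dies with a TypeError instead of reaching the descriptive `core.setFailed` message. The script already uses optional chaining on `n.properties?.visibility?.statusPage`, so the same style fits here: `const toolExecutionNotifications = sarif.runs?.[0]?.invocations?.[0]?.toolExecutionNotifications ?? [];` and `n.descriptor?.id === 'go/workflow/go-installed-after-codeql-init'`. With that, a missing diagnostic is reported as "found 0" along with the dumped notifications.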
@@ -34,71 +36,71 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: # We need a Go version that ships with statically linked binaries on Linux - go-version: '>=1.21.0' - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: go build main.go - - uses: ./../action/analyze - with: - upload-database: false - - shell: bash - run: | - if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; 
then - echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ - "CODEQL_ACTION_GO_BINARY environment variable is not set." - exit 1 - fi - if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then - echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." - exit 1 - fi + go-version: '>=1.21.0' + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then + echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ + "CODEQL_ACTION_GO_BINARY environment variable is not set." + exit 1 + fi + if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then + echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." + exit 1 + fi - # Once we start running Bash 4.2 in all environments, we can replace the - # `! -z` flag with the more elegant `-v` which confirms that the variable - # is actually unset and not potentially set to a blank value. - if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then - echo "Expected the Go autobuilder not to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + # Once we start running Bash 4.2 in all environments, we can replace the + # `! -z` flag with the more elegant `-v` which confirms that the variable + # is actually unset and not potentially set to a blank value. + if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then + echo "Expected the Go autobuilder not to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! 
-d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 5f1c28df3d..14bc3d00ed 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-autobuilder: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with autobuilder step' permissions: contents: read 
@@ -60,58 +62,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - - uses: ./../action/analyze - with: - 
upload-database: false - - shell: bash - run: | - if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then - echo "Expected the Go autobuilder to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then + echo "Expected the Go autobuilder to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 7d55eaa069..e86ed18e44 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-custom-build-steps: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with custom build steps' permissions: contents: read 
@@ -60,62 +62,62 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: go build main.go - - uses: 
./../action/analyze - with: - upload-database: false - - shell: bash - run: | - # Once we start running Bash 4.2 in all environments, we can replace the - # `! -z` flag with the more elegant `-v` which confirms that the variable - # is actually unset and not potentially set to a blank value. - if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then - echo "Expected the Go autobuilder not to be run, but the" \ - "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." - exit 1 - fi - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + # Once we start running Bash 4.2 in all environments, we can replace the + # `! -z` flag with the more elegant `-v` which confirms that the variable + # is actually unset and not potentially set to a blank value. + if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then + echo "Expected the Go autobuilder not to be run, but the" \ + "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." + exit 1 + fi + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index a1e9bb5cee..05451817a8 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: go-tracing-legacy-workflow: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: 'Go: tracing with legacy workflow' permissions: contents: read 
@@ -60,52 +62,52 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/setup-go@v5 - with: - go-version: ~1.22.0 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/setup-go@v5 + with: + go-version: ~1.22.0 # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache - cache: false - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false - - shell: bash 
- run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi + cache: false + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false + - shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d go ]]; then + echo "Did not find a Go database" + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 6e41cf0a00..d083c5d730 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: init-with-registries: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Download using registries' permissions: contents: read 
@@ -51,94 +53,94 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Init with registries - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - config-file: ./.github/codeql/codeql-config-registries.yml - languages: javascript - registries: | - - url: "https://ghcr.io/v2/" - packages: "*/*" - token: "${{ secrets.GITHUB_TOKEN }}" + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Init with registries + uses: ./../action/init + with: + db-location: ${{ runner.temp }}/customDbLocation 
+ tools: ${{ steps.prepare-test.outputs.tools-url }} + config-file: ./.github/codeql/codeql-config-registries.yml + languages: javascript + registries: | + - url: "https://ghcr.io/v2/" + packages: "*/*" + token: "${{ secrets.GITHUB_TOKEN }}" - - name: Verify packages installed - shell: bash - run: | - PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" - CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" + - name: Verify packages installed + shell: bash + run: | + PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" + CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" - if [[ -d $PRIVATE_PACK ]] - then - echo "$PRIVATE_PACK was installed." - else - echo "::error $PRIVATE_PACK pack was not installed." - exit 1 - fi + if [[ -d $PRIVATE_PACK ]] + then + echo "$PRIVATE_PACK was installed." + else + echo "::error $PRIVATE_PACK pack was not installed." + exit 1 + fi - if [[ -d $CODEQL_PACK1 ]] - then - echo "$CODEQL_PACK1 was installed." - else - echo "::error $CODEQL_PACK1 pack was not installed." - exit 1 - fi + if [[ -d $CODEQL_PACK1 ]] + then + echo "$CODEQL_PACK1 was installed." + else + echo "::error $CODEQL_PACK1 pack was not installed." + exit 1 + fi - - name: Verify qlconfig.yml file was created - shell: bash - run: | - QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml - echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" - if [[ -f $QLCONFIG_PATH ]] - then - echo "qlconfig.yml file was created." - else - echo "::error qlconfig.yml file was not created." - exit 1 - fi + - name: Verify qlconfig.yml file was created + shell: bash + run: | + QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml + echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" + if [[ -f $QLCONFIG_PATH ]] + then + echo "qlconfig.yml file was created." + else + echo "::error qlconfig.yml file was not created." 
+ exit 1 + fi - - name: Verify contents of qlconfig.yml + - name: Verify contents of qlconfig.yml # yq is not available on windows - if: runner.os != 'Windows' - shell: bash - run: | - QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml - cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' - if [[ $? -eq 0 ]] - then - echo "Registry was added to qlconfig.yml file." - else - echo "::error Registry was not added to qlconfig.yml file." - echo "Contents of qlconfig.yml file:" - cat $QLCONFIG_PATH - exit 1 - fi + if: runner.os != 'Windows' + shell: bash + run: | + QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml + cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' + if [[ $? -eq 0 ]] + then + echo "Registry was added to qlconfig.yml file." + else + echo "::error Registry was not added to qlconfig.yml file." + echo "Contents of qlconfig.yml file:" + cat $QLCONFIG_PATH + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index f87d5f9d2b..94b8d5110e 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: javascript-source-root: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: Custom source root permissions: contents: read 
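Review bot: In "Verify contents of qlconfig.yml" the `if [[ $? -eq 0 ]]` test after the `cat $QLCONFIG_PATH | yq -e …` pipeline cannot reach its `else` branch. A step with `shell: bash` runs under `bash --noprofile --norc -eo pipefail {0}`, so a failing `yq -e` ends the script before `$?` is read. The `::error` message and the dump of the file are therefore never printed when the registry entry is missing. Testing the command directly keeps the diagnostics: `if yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' "$QLCONFIG_PATH"; then`. Since the `init` step above is given `token: "${{ secrets.GITHUB_TOKEN }}"`, confirm that qlconfig.yml never carries registry credentials before the failure path prints it to the job log.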
@@ -38,54 +40,54 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Move codeql-action - shell: bash - run: | - mkdir ../new-source-root - mv * ../new-source-root - - uses: ./../action/init - with: - languages: javascript - source-root: ../new-source-root - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false - skip-queries: true - upload: never - - name: Assert database exists - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! 
-d javascript ]]; then - echo "Did not find a JavaScript database" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Move codeql-action + shell: bash + run: | + mkdir ../new-source-root + mv * ../new-source-root + - uses: ./../action/init + with: + languages: javascript + source-root: ../new-source-root + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false + skip-queries: true + upload: never + - name: Assert database exists + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d javascript ]]; then + echo "Did not find a JavaScript database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index c796fdc72f..70965097e5 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: language-aliases: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Language aliases permissions: contents: read 
@@ -34,46 +36,46 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: C#,java-kotlin,swift,typescript - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: C#,java-kotlin,swift,typescript + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Check languages - run: | - expected_languages="csharp,java,swift,javascript" - actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) + - name: Check languages + run: | + 
expected_languages="csharp,java,swift,javascript" + actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) - if [ "$expected_languages" != "$actual_languages" ]; then - echo "Resolved languages did not match expected list. " \ - "Expected languages: $expected_languages. Actual languages: $actual_languages." - exit 1 - fi + if [ "$expected_languages" != "$actual_languages" ]; then + echo "Resolved languages did not match expected list. " \ + "Expected languages: $expected_languages. Actual languages: $actual_languages." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 0385d67f02..174740ea81 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml 
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: multi-language-autodetect: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Multi-language repository permissions: contents: read 
@@ -60,100 +62,100 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + 
codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false + - uses: ./../action/analyze + id: analysis + with: + upload-database: false - - name: Check language autodetect for all languages excluding Swift - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." 
- exit 1 - fi - RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} - if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Ruby, or created it in the wrong location." - exit 1 - fi + - name: Check language autodetect for all languages excluding Swift + shell: bash + run: | + CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} + if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for CPP, or created it in the wrong location." + exit 1 + fi + CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} + if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for C Sharp, or created it in the wrong location." + exit 1 + fi + GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} + if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Go, or created it in the wrong location." + exit 1 + fi + JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} + if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Java, or created it in the wrong location." + exit 1 + fi + JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} + if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Javascript, or created it in the wrong location." + exit 1 + fi + PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} + if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Python, or created it in the wrong location." 
+ exit 1 + fi + RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} + if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Ruby, or created it in the wrong location." + exit 1 + fi - - name: Check language autodetect for Swift - if: >- - env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || - (runner.os != 'Windows' && matrix.version == 'nightly-latest') - shell: bash - run: | - SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} - if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Swift, or created it in the wrong location." - exit 1 - fi + - name: Check language autodetect for Swift + if: >- + env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || + (runner.os != 'Windows' && matrix.version == 'nightly-latest') + shell: bash + run: | + SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} + if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then + echo "Did not create a database for Swift, or created it in the wrong location." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 07f16ab32b..e36abefc29 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml 
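Review bot: The two "Check language autodetect" steps paste `${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and `${{ runner.temp }}` straight into the bash script. The values are substituted into the script text before the shell parses it, so a space or shell metacharacter in a path becomes script syntax rather than data. They come from this repository's own analyze step, so this is hardening rather than a live bug. Passing them through the environment keeps data out of the script: add `env: DB_LOCATIONS: ${{ steps.analysis.outputs.db-locations }}` to the step, read each entry with `CPP_DB="$(jq -r '.cpp' <<< "$DB_LOCATIONS")"`, and compare against `"$RUNNER_TEMP"/customDbLocation/*`. The same applies to the other six assignments and to the Swift step in this hunk.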
@@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-codescanning-config-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config and input passed to the CLI' permissions: contents: read 
@@ -50,67 +52,67 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging3.yml + packs: 
+codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 79a9034436..7b8d3746f1 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-config-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config and input' permissions: contents: read 
@@ -50,67 +52,67 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging3.yml + packs: 
+codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 8654b8eb8b..bf6b101349 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-config-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Config file' permissions: contents: read 
@@ -50,66 +52,66 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging.yml - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: .github/codeql/codeql-config-packaging.yml + languages: javascript + tools: ${{ 
steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 079da18d20..fa0a5768c9 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -11,38 +11,40 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: packaging-inputs-js: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: 'Packaging: Action input' permissions: contents: read 
@@ -50,66 +52,66 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging2.yml - languages: javascript - packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: 
.github/codeql/codeql-config-packaging2.yml + languages: javascript + packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results - - name: Check results - uses: ./../action/.github/actions/check-sarif - with: - sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block - queries-not-run: foo,bar + - name: Check results + uses: ./../action/.github/actions/check-sarif + with: + sarif-file: ${{ runner.temp }}/results/javascript.sarif + queries-run: + javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-not-run: foo,bar - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index d0f0e0d83a..a46201f99b 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml 
@@ -11,62 +11,64 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: remote-config: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: windows-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: windows-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: windows-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: windows-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: windows-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: windows-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: windows-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: windows-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + 
version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Remote config file permissions: contents: read 
@@ -74,41 +76,41 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python 
+ config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index e6d5a6f294..e3146aeb23 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -11,44 +11,46 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: resolve-environment-action: strategy: matrix: include: - - os: ubuntu-latest - version: stable-v2.13.4 - - os: macos-latest - version: stable-v2.13.4 - - os: windows-latest - version: stable-v2.13.4 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest - - os: windows-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-v2.13.4 + - os: macos-latest + version: stable-v2.13.4 + - os: windows-latest + version: stable-v2.13.4 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest + - os: windows-latest + version: nightly-latest name: Resolve environment permissions: contents: read 
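Review bot: The `Set environment variable for Swift enablement` step is guarded by `matrix.version == '20221211'`, but the matrix in this file's first hunk names that version `stable-20221211` (as the `Setup Python on MacOS` condition just above does), so the guard looks like it can never be true and the step is dead. If the variable is still needed for that bundle, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; if not, the step can be removed. The same line is carried, re-indented only, in the step hunks of the other workflow files in this diff, and `__scaling-reserved-ram.yml` is the one that pairs `stable-20221211` with `setup-swift`. The job definition starts outside this hunk.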
@@ -56,58 +58,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' - }} - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' + }} + tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Resolve environment for Go - uses: ./../action/resolve-environment - id: resolve-environment-go 
- with: - language: go + - name: Resolve environment for Go + uses: ./../action/resolve-environment + id: resolve-environment-go + with: + language: go - - name: Fail if Go configuration missing - if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) - run: exit 1 + - name: Fail if Go configuration missing + if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) + run: exit 1 - - name: Resolve environment for JavaScript/TypeScript - if: matrix.version != 'stable-v2.13.4' - uses: ./../action/resolve-environment - id: resolve-environment-js - with: - language: javascript-typescript + - name: Resolve environment for JavaScript/TypeScript + if: matrix.version != 'stable-v2.13.4' + uses: ./../action/resolve-environment + id: resolve-environment-js + with: + language: javascript-typescript - - name: Fail if JavaScript/TypeScript configuration present - if: matrix.version != 'stable-v2.13.4' && - fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript - run: exit 1 + - name: Fail if JavaScript/TypeScript configuration present + if: matrix.version != 'stable-v2.13.4' && + fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript + run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 9017c3d9a1..41ebce88f7 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml 
@@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: rubocop-multi-language: strategy: matrix: include: - - os: ubuntu-latest - version: default + - os: ubuntu-latest + version: default name: RuboCop multi-language permissions: contents: read 
@@ -34,51 +36,51 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6 - - name: Install Code Scanning integration - shell: bash - run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - - name: Install dependencies - shell: bash - run: bundle install - - name: RuboCop run - shell: bash - run: | - bash -c " - bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif - [[ $? 
-ne 2 ]] - " - - uses: ./../action/upload-sarif - with: - sarif_file: rubocop.sarif + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.6 + - name: Install Code Scanning integration + shell: bash + run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install + - name: Install dependencies + shell: bash + run: bundle install + - name: RuboCop run + shell: bash + run: | + bash -c " + bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif + [[ $? -ne 2 ]] + " + - uses: ./../action/upload-sarif + with: + sarif_file: rubocop.sarif env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 2e48a2847d..6271415446 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml 
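Review bot: In the `RuboCop run` step the script is handed to `bash -c "..."` in double quotes, so the outer shell expands `$?` before the inner shell starts; the inner test then compares a constant (normally `0`) with 2 and always succeeds, and a RuboCop exit status of 2 would not fail the job. Escaping it as `[[ \$? -ne 2 ]]`, or single-quoting the `bash -c` argument, makes the check read RuboCop's own status. In the same hunk `ruby/setup-ruby@v1` is a third-party action referenced by a mutable tag; pinning it as `uses: ruby/setup-ruby@<full-commit-sha> # v1` means a moved tag cannot change what runs here. These lines are only re-indented by the commit, and the job block starts outside the hunk.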
@@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: ruby: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Ruby analysis permissions: contents: read 
@@ -44,47 +46,47 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: ruby - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - name: Check database - shell: bash - run: | - RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" - if [[ ! -d "$RUBY_DB" ]]; then - echo "Did not create a database for Ruby." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: ruby + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - name: Check database + shell: bash + run: | + RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" + if [[ ! -d "$RUBY_DB" ]]; then + echo "Did not create a database for Ruby." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index 5ca51822fb..b7a737823f 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml 
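Review bot: The `Check database` step writes `${{ fromJson(steps.analysis.outputs.db-locations).ruby }}` straight into the `run:` script, so the value is pasted into the shell source before bash parses it and any quote or `$(...)` in it would be read as code. The value comes from the analyze step's own output, so the exposure is probably low here, but passing it through the environment keeps data out of the script text: give the step an `env:` entry `RUBY_DB: ${{ fromJson(steps.analysis.outputs.db-locations).ruby }}` and drop the assignment line, leaving `if [[ ! -d "$RUBY_DB" ]]; then` as it is. The lines are only re-indented by this commit, and the job block starts outside the hunk.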
@@ -11,48 +11,50 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: scaling-reserved-ram: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: macos-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: macos-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: macos-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: macos-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: macos-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: macos-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: macos-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: macos-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Scaling reserved RAM permissions: contents: read 
@@ -60,50 +62,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} + - uses: ./../action/.github/actions/setup-swift + with: + 
codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh + - name: Build code + shell: bash + run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false + - uses: ./../action/analyze + id: analysis + with: + upload-database: false env: CODEQL_ACTION_SCALING_RESERVED_RAM: true CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 11820f6ddb..f65cf5884b 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: split-workflow: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Split workflow permissions: contents: read 
@@ -44,71 +46,71 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +codeql-testing/codeql-pack1@1.0.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - skip-queries: true - output: ${{ runner.temp }}/results - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + config-file: 
.github/codeql/codeql-config-packaging3.yml + packs: +codeql-testing/codeql-pack1@1.0.0 + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + skip-queries: true + output: ${{ runner.temp }}/results + upload-database: false - - name: Assert No Results - shell: bash - run: | - if [ "$(ls -A $RUNNER_TEMP/results)" ]; then - echo "Expected results directory to be empty after skipping query execution!" - exit 1 - fi - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 4 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" + - name: Assert No Results + shell: bash + run: | + if [ "$(ls -A $RUNNER_TEMP/results)" ]; then + echo "Expected results directory to be empty after skipping query execution!" + exit 1 + fi + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Assert Results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + # We should have 4 hits from these rules + EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi + # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace + RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" + echo "Found matching rules '$RULES'" + if [ "$RULES" != "$EXPECTED_RULES" ]; then + echo "Did not match expected rules '$EXPECTED_RULES'." + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index a50dc1aa92..c484810c8c 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: submit-sarif-failure: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: nightly-latest name: Submit SARIF after failure permissions: contents: read 
@@ -38,49 +40,49 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: actions/checkout@v4 - - uses: ./init - with: - languages: javascript - - name: Fail + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: actions/checkout@v4 + - uses: ./init + with: + languages: javascript + - name: Fail # We want this job to pass if the Action correctly uploads the SARIF file for # the failed run. # Setting this step to continue on error means that it is marked as completing # successfully, so will not fail the job. 
- continue-on-error: true - run: exit 1 - - uses: ./analyze + continue-on-error: true + run: exit 1 + - uses: ./analyze # In a real workflow, this step wouldn't run. Since we used `continue-on-error` # above, we manually disable it with an `if` condition. - if: false - with: - category: /test-codeql-version:${{ matrix.version }} + if: false + with: + category: /test-codeql-version:${{ matrix.version }} env: # Internal-only environment variable used to indicate that the post-init Action # should expect to upload a SARIF file for the failed run. diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 1643444139..4f4ff65eef 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -11,32 +11,34 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: swift-custom-build: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: ubuntu-latest - version: nightly-latest - - os: macos-latest - version: nightly-latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: ubuntu-latest + version: nightly-latest + - os: macos-latest + version: nightly-latest name: Swift analysis using a custom build command permissions: contents: read 
@@ -44,58 +46,58 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - languages: swift - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{steps.init.outputs.codeql-path}} - - name: Check working directory - shell: bash - run: pwd - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - name: Check database - shell: bash - run: | - SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" - if [[ ! -d "$SWIFT_DB" ]]; then - echo "Did not create a database for Swift." 
- exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + languages: swift + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{steps.init.outputs.codeql-path}} + - name: Check working directory + shell: bash + run: pwd + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - name: Check database + shell: bash + run: | + SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" + if [[ ! -d "$SWIFT_DB" ]]; then + echo "Did not create a database for Swift." + exit 1 + fi env: DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index 658f93e95a..d9db7683f4 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-autobuild-working-dir: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Autobuild working directory permissions: contents: read 
@@ -34,56 +36,56 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Test setup - shell: bash - run: | - # Make sure that Gradle build succeeds in autobuild-dir ... - cp -a ../action/tests/java-repo autobuild-dir - # ... and fails if attempted in the current directory - echo > build.gradle - - uses: ./../action/init - with: - languages: java - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - with: - working-directory: autobuild-dir - - uses: ./../action/analyze - with: - upload-database: false - - name: Check database - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! 
-d java ]]; then - echo "Did not find a Java database" - exit 1 - fi + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Test setup + shell: bash + run: | + # Make sure that Gradle build succeeds in autobuild-dir ... + cp -a ../action/tests/java-repo autobuild-dir + # ... and fails if attempted in the current directory + echo > build.gradle + - uses: ./../action/init + with: + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + - uses: ./../action/analyze + with: + upload-database: false + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d java ]]; then + echo "Did not find a Java database" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index c4e85c2b5c..5dc36f873d 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-local-codeql: strategy: matrix: include: - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: nightly-latest name: Local CodeQL bundle permissions: contents: read 
@@ -34,50 +36,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Fetch a CodeQL bundle - shell: bash - env: - CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} - run: | - wget "$CODEQL_URL" - - id: init - uses: ./../action/init - with: - tools: ./codeql-bundle-linux64.tar.gz - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Fetch a 
CodeQL bundle + shell: bash + env: + CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} + run: | + wget "$CODEQL_URL" + - id: init + uses: ./../action/init + with: + tools: ./codeql-bundle-linux64.tar.gz + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index b393677071..89f3aa2fdd 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -11,22 +11,24 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-proxy: strategy: matrix: include: - - os: ubuntu-latest - version: latest + - os: ubuntu-latest + version: latest name: Proxy test permissions: contents: read 
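Review bot: With this `schedule` trigger the job now starts unattended every night, and the last hunk of this file shows its service container as `image: ubuntu/squid:latest`, a mutable tag that is re-resolved on each run. A changed or broken upstream image would then surface as a nightly failure with no commit to bisect against, and whatever the tag currently points at runs alongside the job. Pinning the service to a digest, `image: ubuntu/squid@sha256:<digest-placeholder>`, keeps the scheduled run reproducible; the digest has to be looked up, as it is not on this page. The `services:` block itself lies outside this hunk.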
@@ -34,39 +36,39 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - upload-database: false + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + upload-database: false env: https_proxy: http://squid-proxy:3128 CODEQL_ACTION_TEST_MODE: true 
@@ -77,4 +79,4 @@ jobs: squid-proxy: image: ubuntu/squid:latest ports: - - 3128:3128 + - 3128:3128 diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index f8dd0defe6..c138451b8a 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -11,34 +11,36 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: unset-environment: strategy: matrix: include: - - os: ubuntu-latest - version: stable-20221211 - - os: ubuntu-latest - version: stable-20230418 - - os: ubuntu-latest - version: stable-v2.13.5 - - os: ubuntu-latest - version: stable-v2.14.6 - - os: ubuntu-latest - version: default - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest + - os: ubuntu-latest + version: stable-20221211 + - os: ubuntu-latest + version: stable-20230418 + - os: ubuntu-latest + version: stable-v2.13.5 + - os: ubuntu-latest + version: stable-v2.14.6 + - os: ubuntu-latest + version: default + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: nightly-latest name: Test unsetting environment variables permissions: contents: read 
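Review bot: The matrix in this hunk names the oldest bundle `stable-20221211`, but the Swift-enablement step in the next hunk is guarded by `matrix.version == '20221211'`, which no matrix entry matches, so `CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true` is never written to `$GITHUB_ENV`. The commit re-indents that condition unchanged in every workflow of this diff. If the step is still wanted, the guard should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`, matching the spelling the `Setup Python on MacOS` condition already uses; if not, the step can be dropped wherever these files are maintained. The `steps:` list is in the following hunk, outside this one.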
@@ -46,87 +48,87 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - id: init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/.github/actions/setup-swift - with: - codeql-path: ${{ steps.init.outputs.codeql-path }} - - name: Build code - shell: bash + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + id: init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: 
./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a # workaround for our PR checks. - run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" - ./build.sh - - uses: ./../action/analyze - id: analysis - with: - upload-database: false - - shell: bash - run: | - CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" - if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then - echo "::error::Did not create a database for CPP, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" - exit 1 - fi - CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" - if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then - echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" - exit 1 - fi - GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" - if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then - echo "::error::Did not create a database for Go, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" - exit 1 - fi - JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" - if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then - echo "::error::Did not create a database for Java, or created it in the wrong location." 
\ - "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" - exit 1 - fi - JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" - if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then - echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" - exit 1 - fi - PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" - if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then - echo "::error::Did not create a database for Python, or created it in the wrong location." \ - "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" - exit 1 - fi + run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" + ./build.sh + - uses: ./../action/analyze + id: analysis + with: + upload-database: false + - shell: bash + run: | + CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" + if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then + echo "::error::Did not create a database for CPP, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" + exit 1 + fi + CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" + if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then + echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" + exit 1 + fi + GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" + if [[ ! -d "$GO_DB" ]] || [[ ! 
"$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then + echo "::error::Did not create a database for Go, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" + exit 1 + fi + JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" + if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then + echo "::error::Did not create a database for Java, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" + exit 1 + fi + JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" + if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then + echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" + exit 1 + fi + PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" + if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then + echo "::error::Did not create a database for Python, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 37f0e6a16b..74a46713a1 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml 
@@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-ref-sha-input: strategy: matrix: include: - - os: ubuntu-latest - version: default - - os: macos-latest - version: default - - os: windows-latest - version: default + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default name: "Upload-sarif: 'ref' and 'sha' from inputs" permissions: contents: read 
@@ -38,50 +40,50 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - upload-database: false - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - upload: never - - uses: ./../action/upload-sarif - with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == 
'20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + upload: never + - uses: ./../action/upload-sarif + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 22f3960e2e..a41cce7a41 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -11,26 +11,28 @@ env: on: push: branches: - - main - - releases/v* + - main + - releases/v* pull_request: types: - - opened - - synchronize - - reopened - - ready_for_review + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: with-checkout-path: strategy: matrix: include: - - os: ubuntu-latest - version: latest - - os: macos-latest - version: latest - - os: windows-latest - version: latest + - os: ubuntu-latest + version: latest + - os: macos-latest + version: latest + - os: windows-latest + version: latest name: Use a custom `checkout_path` permissions: contents: read 
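Review bot: `uses: actions/setup-python@v5` and `uses: actions/checkout@v4` in this steps list reference mutable tags, and with the new `schedule` trigger the job resolves them every night with no pull request or reviewer in the loop. Pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@FULL_COMMIT_SHA  # v4` (placeholder, not a real value), makes an upstream tag move show up as a diff instead of taking effect unattended. The same two references appear in the steps hunk of `__with-checkout-path.yml`. Separately, the redirect in the Swift step would be safer quoted, `>> "$GITHUB_ENV"`. The job definition starts above this hunk, and if this file is generated by `pr-checks/sync.py` the change belongs in the generator or its check definitions.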
@@ -38,100 +40,100 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - - name: Setup Python on MacOS - uses: actions/setup-python@v5 - if: >- - matrix.os == 'macos-latest' && ( + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( - matrix.version == 'stable-20221211' || + matrix.version == 'stable-20221211' || - matrix.version == 'stable-20230418' || + matrix.version == 'stable-20230418' || - matrix.version == 'stable-v2.13.5' || + matrix.version == 'stable-v2.13.5' || - matrix.version == 'stable-v2.14.6') - with: - python-version: '3.11' - - name: Check out repository - uses: actions/checkout@v4 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - - name: Set environment variable for Swift enablement - if: runner.os != 'Windows' && matrix.version == '20221211' - shell: bash - run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - - name: Delete original checkout - shell: bash - run: | - # delete the original checkout so we don't accidentally use it. - # Actions does not support deleting the current working directory, so we - # delete the contents of the directory instead. - rm -rf ./* .github .git + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - name: Set environment variable for Swift enablement + if: runner.os != 'Windows' && matrix.version == '20221211' + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - name: Delete original checkout + shell: bash + run: | + # delete the original checkout so we don't accidentally use it. 
+ # Actions does not support deleting the current working directory, so we + # delete the contents of the directory instead. + rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v4 - with: - ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - path: x/y/z/some-path + - uses: actions/checkout@v4 + with: + ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + path: x/y/z/some-path - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} # it's enough to test one compiled language and one interpreted language - languages: csharp,javascript - source-root: x/y/z/some-path/tests/multi-language-repo + languages: csharp,javascript + source-root: x/y/z/some-path/tests/multi-language-repo - - name: Build code - shell: bash - working-directory: x/y/z/some-path/tests/multi-language-repo - run: | - ./build.sh + - name: Build code + shell: bash + working-directory: x/y/z/some-path/tests/multi-language-repo + run: | + ./build.sh - - uses: ./../action/analyze - with: - checkout_path: x/y/z/some-path/tests/multi-language-repo - ref: v1.1.0 - sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - upload: never - upload-database: false + - uses: ./../action/analyze + with: + checkout_path: x/y/z/some-path/tests/multi-language-repo + ref: v1.1.0 + sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + upload: never + upload-database: false - - uses: ./../action/upload-sarif - with: - ref: v1.1.0 - sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - checkout_path: x/y/z/some-path/tests/multi-language-repo + - uses: ./../action/upload-sarif + with: + ref: v1.1.0 + sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 + checkout_path: x/y/z/some-path/tests/multi-language-repo - - name: Verify SARIF after upload - shell: bash - run: | - 
EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" - EXPECTED_REF="v1.1.0" - EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" + - name: Verify SARIF after upload + shell: bash + run: | + EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" + EXPECTED_REF="v1.1.0" + EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" - if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then - echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then + echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi - if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then - echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then + echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi - if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then - echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" - exit 1 - fi + if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then + echo "::error Invalid checkout URI suffix. 
Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" + echo "$RUNNER_TEMP/payload.json" + exit 1 + fi env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 37e174635f..eb59639243 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -15,6 +15,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index 1cce35f68e..30bbff8ed7 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -17,6 +17,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-artifacts: diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index a10ca211c3..cbe79731f7 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -16,6 +16,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: upload-artifacts: diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index 59c36b7dad..10d080adaa 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -11,6 +11,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index b13e26577b..4bc9ea25aa 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -11,6 +11,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: 
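Review bot: The three failure messages in the `Verify SARIF after upload` step are written as `echo "::error Invalid ..."`, without the second `::` that separates a workflow command from its message, so they are most likely printed as plain log text rather than raised as error annotations; the database-location checks earlier in this diff use the `::error::` form. Changing each to that form, for example `echo "::error::Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"`, fixes it, and the `Invalid ref` and `Invalid checkout URI suffix` lines need the same edit. Each failing branch also runs `echo "$RUNNER_TEMP/payload.json"`, which prints the path rather than the payload; if the contents were meant to reach the log, `cat` is presumably what was intended. The step still fails through `exit 1`, so this affects how quickly a failure is diagnosed, not whether it is caught.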
diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 0ea140261b..5c8e16068b 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -16,6 +16,8 @@ on: - synchronize - reopened - ready_for_review + schedule: + - cron: '0 5 * * *' workflow_dispatch: {} jobs: test-codeql-bundle-all: diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 6961c5c07a..5dc176562a 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import ruamel.yaml -from ruamel.yaml.scalarstring import FoldedScalarString +from ruamel.yaml.scalarstring import FoldedScalarString, SingleQuotedScalarString import pathlib import textwrap @@ -46,6 +46,7 @@ def writeHeader(checkStream): yaml = ruamel.yaml.YAML() yaml.Representer = NonAliasingRTRepresenter +yaml.indent(mapping=2, sequence=4, offset=2) this_dir = pathlib.Path(__file__).resolve().parent @@ -157,6 +158,7 @@ def writeHeader(checkStream): 'pull_request': { 'types': ["opened", "synchronize", "reopened", "ready_for_review"] }, + 'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}], 'workflow_dispatch': {} }, 'jobs': { pFad - Phonifier reborn
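Review bot: `yaml.indent(mapping=2, sequence=4, offset=2)` carries no comment, although it is the line that re-indents every sequence in every generated workflow in this diff. A one-line comment such as `# Indent list items under their parent key; changing this rewrites all generated workflows` would tell the next maintainer why a one-line edit here produces a repository-wide diff. The module-level setup around it continues outside the hunk.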
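Review bot: The cron expression is an unexplained literal inside the `on` mapping, `SingleQuotedScalarString('0 5 * * *')`, and the same string appears to be copied by hand into the workflows without the `__` prefix, so the two can drift apart. Naming it once, `NIGHTLY_CRON = '0 5 * * *'  # daily at 05:00 UTC`, and writing `SingleQuotedScalarString(NIGHTLY_CRON)` here documents the intent; the hand-written workflows could carry a comment pointing at it. The dictionary literal starts and ends outside this hunk.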
