diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml deleted file mode 100644 index 23d6ad255..000000000 --- a/.github/workflows/__unset-environment.yml +++ /dev/null @@ -1,97 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Test unsetting environment variables -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - releases/v1 - - releases/v2 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - unset-environment: - strategy: - matrix: - include: - - os: ubuntu-latest - version: stable-20210308 - - os: ubuntu-latest - version: stable-20210319 - - os: ubuntu-latest - version: stable-20210809 - - os: ubuntu-latest - version: cached - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - name: Test unsetting environment variables - timeout-minutes: 45 - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v3 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - env: - TEST_MODE: true - - name: Build code - shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/unset-environment-new-cli.yml b/.github/workflows/unset-environment-new-cli.yml new file mode 100644 index 000000000..39da1b36c --- /dev/null +++ b/.github/workflows/unset-environment-new-cli.yml @@ -0,0 +1,95 @@ +# See `unset-environment-old-cli.yml` for reasoning behind the separate tests. +name: PR Check - Test unsetting environment variables for CLI version >= 2.5.1 +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v1 + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + unset-environment: + strategy: + matrix: + include: + - os: ubuntu-latest + version: stable-20210809 + - os: ubuntu-latest + version: cached + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: nightly-latest + name: Test unsetting environment variables + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/prepare-test + with: + version: ${{ matrix.version }} + - uses: ./../action/init + with: + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} + env: + TEST_MODE: true + - name: Build code + shell: bash + run: env -i PATH="$PATH" HOME="$HOME" ./build.sh + - uses: ./../action/analyze + id: analysis + env: + TEST_MODE: true + - shell: bash + run: | + CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" + if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then + echo "::error::Did not create a database for CPP, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" + exit 1 + fi + CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" + if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then + echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" + exit 1 + fi + GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" + if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then + echo "::error::Did not create a database for Go, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" + exit 1 + fi + JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" + if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then + echo "::error::Did not create a database for Java, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" + exit 1 + fi + JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" + if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then + echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" + exit 1 + fi + PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" + if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then + echo "::error::Did not create a database for Python, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" + exit 1 + fi + env: + INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/unset-environment-old-cli.yml b/.github/workflows/unset-environment-old-cli.yml new file mode 100644 index 000000000..281ced054 --- /dev/null +++ b/.github/workflows/unset-environment-old-cli.yml @@ -0,0 +1,89 @@ +# There was a bug, fixed in CLI v2.5.1, that didn't propagate environment +# variables that the Java tracer needed. Here we test all languages +# except Java for these CLI versions. In `unset-environment-new-cli.yml` +# we test all languages for recent CLI versions. +name: PR Check - Test unsetting environment variables for CLI version < 2.5.1 +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v1 + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + unset-environment: + strategy: + matrix: + include: + - os: ubuntu-latest + version: stable-20210308 + - os: ubuntu-latest + version: stable-20210319 + name: Test unsetting environment variables + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/prepare-test + with: + version: ${{ matrix.version }} + - uses: ./../action/init + with: + languages: csharp,cpp,go,javascript,python + db-location: ${{ runner.temp }}/customDbLocation + tools: ${{ steps.prepare-test.outputs.tools-url }} + env: + TEST_MODE: true + - name: Build code + shell: bash + run: env -i PATH="$PATH" HOME="$HOME" ./build.sh + - uses: ./../action/analyze + id: analysis + env: + TEST_MODE: true + - shell: bash + run: | + CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" + if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then + echo "::error::Did not create a database for CPP, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" + exit 1 + fi + CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" + if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then + echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" + exit 1 + fi + GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" + if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then + echo "::error::Did not create a database for Go, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" + exit 1 + fi + JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" + if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then + echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" + exit 1 + fi + PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" + if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then + echo "::error::Did not create a database for Python, or created it in the wrong location." \ + "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" + exit 1 + fi + env: + INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 720c2fb97..d32e15f01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 diff --git a/lib/actions-util.js b/lib/actions-util.js index 83a78e7cd..4f45467e0 100644 --- a/lib/actions-util.js +++ b/lib/actions-util.js @@ -452,7 +452,7 @@ async function getRef() { // in actions/checkout@v1 this may not be true as it checks out the repository // using GITHUB_REF. There is a subtle race condition where // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check - // git git-parse GITHUB_REF == git rev-parse HEAD instead. + // git rev-parse GITHUB_REF == git rev-parse HEAD instead. const hasChangedRef = sha !== head && (await (0, exports.getCommitOid)(checkoutPath, ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !== head; if (hasChangedRef) { diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json index f881206a8..73d77986e 100644 --- a/lib/api-compatibility.json +++ b/lib/api-compatibility.json @@ -1 +1 @@ -{ "maximumVersion": "3.7", "minimumVersion": "3.2" } +{ "maximumVersion": "3.7", "minimumVersion": "3.3" } diff --git a/lib/defaults.json b/lib/defaults.json index 507d26f25..197d124e5 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20220908" + "bundleVersion": "codeql-bundle-20220923" } diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml deleted file mode 100644 index f5d03e029..000000000 --- a/pr-checks/checks/unset-environment.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: "Test unsetting environment variables" -description: "An end-to-end integration test that unsets some environment variables" -os: ["ubuntu-latest"] -steps: - - uses: ./../action/init - with: - db-location: "${{ runner.temp }}/customDbLocation" - tools: ${{ steps.prepare-test.outputs.tools-url }} - env: - TEST_MODE: true - - name: Build code - shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi diff --git a/src/actions-util.ts b/src/actions-util.ts index 17b521af7..66e4bb669 100644 --- a/src/actions-util.ts +++ b/src/actions-util.ts @@ -545,7 +545,7 @@ export async function getRef(): Promise { // in actions/checkout@v1 this may not be true as it checks out the repository // using GITHUB_REF. There is a subtle race condition where // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check - // git git-parse GITHUB_REF == git rev-parse HEAD instead. + // git rev-parse GITHUB_REF == git rev-parse HEAD instead. const hasChangedRef = sha !== head && (await getCommitOid( diff --git a/src/api-compatibility.json b/src/api-compatibility.json index 3143f0a15..cb77fa450 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.7", "minimumVersion": "3.2"} +{"maximumVersion": "3.7", "minimumVersion": "3.3"} diff --git a/src/defaults.json b/src/defaults.json index 4f9c89668..629627f7c 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20220908" + "bundleVersion": "codeql-bundle-20220923" }