Merge branch 'main' into aeisenberg/upload-sarif-limits

.github/prepare-test/action.yml

@@ -2,9 +2,11 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
   version:
+    description: "The version of the CodeQL CLI to use. Can be 'latest', 'cached', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
     required: true
 outputs:
   tools-url:
+    description: "The value that should be passed as the 'tools' input of the 'init' step."
     value: ${{ steps.get-url.outputs.tools-url }}
 runs:
   using: composite
@@ -20,6 +22,7 @@ runs:
       name: Determine URL
       shell: bash
       run: |
+        set -e # Fail this Action if `gh release list` fails.
         if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
           export LATEST=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
           echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
@@ -34,5 +37,6 @@ runs:
         elif [[ ${{ inputs.version }} == "cached" ]]; then
           echo "tools-url=" >> $GITHUB_OUTPUT
         else
-          echo "::error Unrecognized version specified!"
+          echo "::error::Unrecognized version specified!"
+          exit 1
         fi

.github/workflows/script/check-node-modules.sh

@@ -7,10 +7,9 @@ if [ ! -z "$(git status --porcelain)" ]; then
     >&2 echo "Failed: Repo should be clean before testing!"
     exit 1
 fi
-# Pin npm to v8 since v9 doesn't support Node 12.
 # When updating this, make sure to update the npm version in
 # `.github/workflows/update-dependencies.yml` too.
-sudo npm install --force -g npm@^8.19.3
+sudo npm install --force -g npm@9.2.0
 # Reinstall modules and then clean to remove absolute paths
 # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
 npm ci

.github/workflows/update-dependencies.yml

@@ -27,10 +27,9 @@ jobs:
       run: |
         git fetch origin "$BRANCH" --depth=1
         git checkout "origin/$BRANCH"
-        # Pin npm to v8 since v9 doesn't support Node 12.
         # When updating this, make sure to update the npm version in
         # `.github/workflows/script/check-node-modules.sh` too.
-        sudo npm install --force -g npm@^8.19.3
+        sudo npm install --force -g npm@9.2.0
         npm install
         npm ci
         npm run removeNPMAbsolutePaths

CHANGELOG.md

@@ -16,6 +16,7 @@
     - The tool cache now contains **two** recent CodeQL versions (previously **one**).
     - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`).
 - The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.
+- Update default CodeQL bundle version to 2.12.1. [#1498](https://github.com/github/codeql-action/pull/1498)
 - Fix a bug that forced the `init` Action to run for at least two minutes on JavaScript. [#1494](https://github.com/github/codeql-action/pull/1494)
 
 ## 2.1.39 - 18 Jan 2023