Merge main into add-multi-cause-markdown-flag.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
   - name: Contact GitHub Support
-    url: https://support.github.com/contact?subject=Code+Scanning+Beta+Support&tags=code-scanning-support
-    about: Contact Support about code scanning
+    url: https://support.github.com/request
+    about: Contact Support 

.github/workflows/codeql.yml

@@ -15,7 +15,11 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - uses: ./init
+      id: init
       with:
         languages: javascript
         config-file: ./.github/codeql/codeql-config.yml
+    # confirm steps.init.outputs.codeql-path points to the codeql binary
+    - name: Print CodeQL Version
+      run: ${{steps.init.outputs.codeql-path}} version --format=json
     - uses: ./analyze

.github/workflows/python-deps.yml

@@ -43,10 +43,12 @@ jobs:
     - uses: actions/checkout@v2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: ./init
+      id: init
       with:
         tools: latest
         languages: python
+        setup-python-dependencies: false
 
     - name: Test Auto Package Installation
       run: |
@@ -61,8 +63,7 @@ jobs:
         esac
         echo ${basePath}
 
-        codeql_version="0.0.0-$(cat "$GITHUB_WORKSPACE/src/defaults.json" | jq -r .bundleVersion | rev | cut -d - -f 1 | rev)"
-        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "${basePath}/hostedtoolcache/CodeQL/$codeql_version/x64/codeql"
+        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})"
     - name: Setup for extractor
       run: |
         echo $CODEQL_PYTHON
@@ -105,10 +106,11 @@ jobs:
     - uses: actions/checkout@v2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: ./init
       with:
         tools: latest
         languages: python
+        setup-python-dependencies: false
 
     - name: Test Auto Package Installation
       run: |

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -0,0 +1,43 @@
+name: Update Supported Enterprise Server Versions
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  update-supported-enterprise-server-versions:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.7"
+      - name: Checkout CodeQL Action
+        uses: actions/checkout@v2
+      - name: Checkout Enterprise Releases
+        uses: actions/checkout@v2
+        with:
+          repository: github/enterprise-releases
+          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
+          path: ${{ github.workspace }}/enterprise-releases/
+      - name: Update Supported Enterprise Server Versions
+        run: |
+          cd ./.github/workflows/update-supported-enterprise-server-versions/
+          python3 -m pip install pipenv
+          pipenv install
+          pipenv run ./update.py
+          rm --recursive "$ENTERPRISE_RELEASES_PATH"
+          npm run build
+        env:
+          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
+      - name: Commit Changes
+        uses: peter-evans/create-pull-request@c7f493a8000b8aeb17a1332e326ba76b57cb83eb # v3.4.1
+        with:
+          commit-message: Update supported GitHub Enterprise Server versions.
+          title: Update supported GitHub Enterprise Server versions.
+          body: ""
+          author: GitHub <noreply@github.com>
+          branch: update-supported-enterprise-server-versions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-supported-enterprise-server-versions/Pipfile

@@ -0,0 +1,9 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+semver = "*"

.github/workflows/update-supported-enterprise-server-versions/update.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+import datetime
+import json
+import os
+import pathlib
+
+import semver
+
+_API_COMPATIBILITY_PATH = pathlib.Path(__file__).absolute().parents[3] / "src" / "api-compatibility.json"
+_ENTERPRISE_RELEASES_PATH = pathlib.Path(os.environ["ENTERPRISE_RELEASES_PATH"])
+_RELEASE_FILE_PATH = _ENTERPRISE_RELEASES_PATH / "releases.json"
+_FIRST_SUPPORTED_RELEASE = semver.VersionInfo.parse("2.22.0") # Versions older than this did not include Code Scanning.
+
+def main():
+	api_compatibility_data = json.loads(_API_COMPATIBILITY_PATH.read_text())
+
+	releases = json.loads(_RELEASE_FILE_PATH.read_text())
+	oldest_supported_release = None
+	newest_supported_release = semver.VersionInfo.parse(api_compatibility_data["maximumVersion"] + ".0")
+
+	for release_version_string, release_data in releases.items():
+		release_version = semver.VersionInfo.parse(release_version_string + ".0")
+		if release_version < _FIRST_SUPPORTED_RELEASE:
+			continue
+
+		if release_version > newest_supported_release:
+			feature_freeze_date = datetime.date.fromisoformat(release_data["feature_freeze"])
+			if feature_freeze_date < datetime.date.today() + datetime.timedelta(weeks=2):
+				newest_supported_release = release_version
+
+		if oldest_supported_release is None or release_version < oldest_supported_release:
+			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
+			if end_of_life_date > datetime.date.today():
+				oldest_supported_release = release_version
+
+	api_compatibility_data = {
+		"minimumVersion": f"{oldest_supported_release.major}.{oldest_supported_release.minor}",
+		"maximumVersion": f"{newest_supported_release.major}.{newest_supported_release.minor}",
+	}
+	_API_COMPATIBILITY_PATH.write_text(json.dumps(api_compatibility_data, sort_keys=True) + "\n")
+
+if __name__ == "__main__":
+	main()

CONTRIBUTING.md

@@ -36,6 +36,7 @@ It is possible to run this action locally via [act](https://github.com/nektos/ac
 
   ```bash
   CODEQL_LOCAL_RUN=true
+  GITHUB_SERVER_URL=https://github.com
 
   # Optional, for better logging
   GITHUB_JOB=<ANY_JOB_NAME>

README.md

@@ -23,14 +23,14 @@ on:
   pull_request:
   schedule:
     #        ┌───────────── minute (0 - 59)
-    #        │ ┌───────────── hour (0 - 23)
-    #        │ │ ┌───────────── day of the month (1 - 31)
-    #        │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
-    #        │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
-    #        │ │ │ │ │
-    #        │ │ │ │ │
-    #        │ │ │ │ │
-    #        * * * * *
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
     - cron: '30 1 * * 0'
 
 jobs:
@@ -41,17 +41,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with:
-          # Must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head of the pull request.
-          # Only include this option if you are running this workflow on pull requests.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event then checkout
-      # the head of the pull request instead of the merge commit.
-      # Only include this step if you are running this workflow on pull requests.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

init/action.yml

@@ -1,5 +1,5 @@
 name: 'CodeQL: Init'
-description: 'Setup the CodeQL tracer'
+description: 'Set up CodeQL'
 author: 'GitHub'
 inputs:
   tools:
@@ -23,6 +23,9 @@ inputs:
     description: Try to auto-install your python dependencies
     required: true
     default: 'true'
+outputs:
+  codeql-path:
+    description: The path of the CodeQL binary used for analysis
 runs:
   using: 'node12'
   main: '../lib/init-action.js'