Skip to content

Commit

Permalink
Merge pull request #729 from github/update-v1.0.13-4455bf8c
Browse files Browse the repository at this point in the history
Merge main into v1
  • Loading branch information
edoardopirovano authored Sep 6, 2021
2 parents b0e7041 + e72d9f4 commit 89d78ba
Show file tree
Hide file tree
Showing 69 changed files with 674 additions and 628 deletions.
73 changes: 62 additions & 11 deletions .github/workflows/pr-checks.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: "PR checks"
name: PR checks

env:
GO111MODULE: auto
Expand All @@ -14,6 +14,7 @@ on:

jobs:
lint-js:
name: Lint
runs-on: ubuntu-latest

steps:
Expand All @@ -26,10 +27,11 @@ jobs:

steps:
- uses: actions/checkout@v2
- name: Check generated JavaScript
- name: Check generated JS
run: .github/workflows/script/check-js.sh

check-node-modules:
name: Check modules up to date
runs-on: macos-latest

steps:
Expand All @@ -38,6 +40,7 @@ jobs:
run: .github/workflows/script/check-node-modules.sh

npm-test:
name: Unit Test
needs: [check-js, check-node-modules]
strategy:
matrix:
Expand All @@ -50,6 +53,7 @@ jobs:
run: npm run-script test

multi-language-repo_test-autodetect-languages:
name: Autodetect language (multi)
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -107,6 +111,7 @@ jobs:
# Packaging test that runs against a javascript database
# Specifying packs in the config file.
test-packaging-javascript-config:
name: Packaging Config JS
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand All @@ -123,6 +128,8 @@ jobs:
with:
config-file: ".github/codeql/codeql-config-packaging.yml"
languages: javascript
# This version is known to worl with 0.1.0
tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
- name: Build code
shell: bash
run: ./build.sh
Expand All @@ -148,6 +155,7 @@ jobs:
# Packaging test that runs against a javascript database
# Specifying packs as an input.
test-packaging-javascript-inputs:
name: Packaging Inputs JS
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand All @@ -164,7 +172,9 @@ jobs:
with:
config-file: ".github/codeql/codeql-config-packaging2.yml"
languages: javascript
packs: dsp-testing/codeql-pack1@0.0.4, dsp-testing/codeql-pack2
packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2
# This version is known to worl with 0.1.0
tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz

- name: Build code
shell: bash
Expand All @@ -191,6 +201,7 @@ jobs:
# Packaging test that runs against a javascript database
# Specifying packs in the config file and inputs.
test-packaging-javascript-config-and-inputs:
name: Packaging Inputs and Config JS
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand All @@ -206,8 +217,10 @@ jobs:
- uses: ./../action/init
with:
config-file: ".github/codeql/codeql-config-packaging3.yml"
packs: +dsp-testing/codeql-pack1@0.0.4
packs: +dsp-testing/codeql-pack1@0.1.0
languages: javascript
# This version is known to worl with 0.1.0
tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz

- name: Build code
shell: bash
Expand All @@ -233,6 +246,7 @@ jobs:
# Tests a split workflow where database construction and query execution happen in different steps
test-split-workflow:
name: Split workflow
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand All @@ -248,9 +262,10 @@ jobs:
- uses: ./../action/init
with:
config-file: ".github/codeql/codeql-config-packaging3.yml"
packs: +dsp-testing/codeql-pack1@0.0.4
packs: +dsp-testing/codeql-pack1@0.1.0
languages: javascript
tools: latest
# This version is known to worl with 0.1.0
tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20210831-manual/codeql-bundle.tar.gz
- name: Build code
shell: bash
run: ./build.sh
Expand Down Expand Up @@ -287,12 +302,16 @@ jobs:
# Identify the CodeQL tool versions to integration test against.
check-codeql-versions:
name: Check CodeQL Versions
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest
outputs:
versions: ${{ steps.compare.outputs.versions }}
nightly-url: ${{ steps.get-url.outputs.nightly-url }}

env:
# URL of the oldest release that we support, if this is being bumped then the constant
# CODEQL_MINIMUM_VERSION in the file codeql.ts should also be bumped to match this.
OLDEST_URL: https://github.com/github/codeql-action/releases/download/codeql-bundle-20201028/codeql-bundle.tar.gz
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
Expand Down Expand Up @@ -336,38 +355,52 @@ jobs:
with:
tools: ${{ steps.get-url.outputs.nightly-url }}
languages: javascript
- name: Remove empty database
# allows us to run init a fourth time
run: |
rm -rf "$RUNNER_TEMP/codeql_databases"
- name: Init with a CodeQL bundle from the oldest supported release
id: init-oldest
uses: ./../action/init
with:
tools: ${{ env.OLDEST_URL }}
languages: javascript
- name: Compare CodeQL bundle versions
id: compare
env:
CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
CODEQL_NIGHTLY: ${{ steps.init-nightly.outputs.codeql-path }}
CODEQL_OLDEST: ${{ steps.init-oldest.outputs.codeql-path }}
NIGHTLY_URL: ${{ steps.get-url.outputs.nightly-url }}
run: |
CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
CODEQL_VERSION_NIGHTLY="$("$CODEQL_NIGHTLY" version --format terse)"
CODEQL_VERSION_OLDEST="$("$CODEQL_OLDEST" version --format terse)"
echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
echo "Nightly CodeQL bundle version is $CODEQL_VERSION_NIGHTLY"
echo "Oldest supported CodeQL bundle version is $CODEQL_VERSION_OLDEST"
# If we're running on a pull request, run each integration test with all three bundles, even
# If we're running on a pull request, run each integration test with all four bundles, even
# if `tools: latest` would be the same as `tools: null`. This allows us to make the
# integration test job for each of the three bundles a required status check.
# integration test job for each of the four bundles a required status check.
#
# If we're running on push, then we can skip running with `tools: latest` when it would be
# the same as running with `tools: null`.
if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
VERSIONS_JSON="[null, \"$NIGHTLY_URL\"]"
VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"$OLDEST_URL\"]"
else
VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"latest\"]"
VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"$OLDEST_URL\", \"latest\"]"
fi
# Output a JSON-encoded list with the distinct versions to test against.
echo "Suggested matrix config for integration tests: $VERSIONS_JSON"
echo "::set-output name=versions::${VERSIONS_JSON}"
multi-language-repo_test-custom-queries-and-remote-config:
name: Remote Config Custom Queries multi-language repo
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -399,6 +432,7 @@ jobs:

# Currently is not possible to analyze Go in conjunction with other languages in macos
multi-language-repo_test-go-custom-queries:
name: Go custom queries multi-language repo
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -433,6 +467,7 @@ jobs:
TEST_MODE: true

go-custom-tracing:
name: Go custom tracing
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -468,6 +503,7 @@ jobs:
TEST_MODE: true

go-custom-tracing-autobuild:
name: Go autobuild custom tracing
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -505,6 +541,7 @@ jobs:
# Ruby is in beta, so test it separately for now.
multi-language-repo_test-ruby:
name: Ruby multi-language
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -545,6 +582,7 @@ jobs:
fi
multi-language-repo_rubocop:
name: Rubocop multi-language
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -578,6 +616,7 @@ jobs:
TEST_MODE: true

test-proxy:
name: Proxy
needs: [check-js, check-node-modules, check-codeql-versions]
strategy:
fail-fast: false
Expand Down Expand Up @@ -612,6 +651,7 @@ jobs:
TEST_MODE: true

runner-analyze-javascript-ubuntu:
name: Runner ubuntu JS analyze
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -639,6 +679,7 @@ jobs:
TEST_MODE: true

runner-analyze-javascript-windows:
name: Runner windows JS analyze
needs: [check-js, check-node-modules]
runs-on: windows-latest

Expand All @@ -662,6 +703,7 @@ jobs:
TEST_MODE: true

runner-analyze-javascript-macos:
name: Runner macos JS analyze
needs: [check-js, check-node-modules]
runs-on: macos-latest

Expand All @@ -685,6 +727,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-ubuntu:
name: Runner ubuntu C# analyze
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -721,6 +764,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-windows:
name: Runner windows C# analyze
needs: [check-js, check-node-modules]
runs-on: windows-latest

Expand Down Expand Up @@ -760,6 +804,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-macos:
name: Runner macos C# analyze
needs: [check-js, check-node-modules]
runs-on: macos-latest

Expand Down Expand Up @@ -798,6 +843,7 @@ jobs:


runner-analyze-csharp-autobuild-ubuntu:
name: Runner ubuntu autobuild C# analyze
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down Expand Up @@ -833,6 +879,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-autobuild-windows:
name: Runner windows autobuild C# analyze
needs: [check-js, check-node-modules]
runs-on: windows-latest

Expand Down Expand Up @@ -869,6 +916,7 @@ jobs:
TEST_MODE: true

runner-analyze-csharp-autobuild-macos:
name: Runner macos autobuild C# analyze
needs: [check-js, check-node-modules]
runs-on: macos-latest

Expand Down Expand Up @@ -905,6 +953,7 @@ jobs:
TEST_MODE: true

runner-upload-sarif:
name: Runner upload sarif
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand All @@ -926,6 +975,7 @@ jobs:
runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
multi-language-repo_test-local-codeql:
name: Local codeql multi-language repo
needs: [check-js, check-node-modules, check-codeql-versions]
runs-on: ubuntu-latest

Expand All @@ -946,6 +996,7 @@ jobs:
- uses: ./../action/analyze

test-javascript-source-root:
name: JS source root
needs: [check-js, check-node-modules]
runs-on: ubuntu-latest

Expand Down
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# CodeQL Action and CodeQL Runner Changelog

## 1.0.13 - 06 Sep 2021

- Update default CodeQL bundle version to 2.6.0. [#712](https://github.com/github/codeql-action/pull/712)
- Update baseline lines of code counter for python. All multi-line strings are counted as code. [#714](https://github.com/github/codeql-action/pull/714)
- Remove old baseline LoC injection [#715](https://github.com/github/codeql-action/pull/715)

## 1.0.12 - 16 Aug 2021

- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)
Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,8 @@ jobs:
# project uses a compiled language

#- run: |
# make bootstrap
# make release
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
Expand All @@ -91,8 +91,8 @@ If you prefer to integrate this within an existing CI workflow, it should end up

# Here is where you build your code
- run: |
make bootstrap
make release
make bootstrap
make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
Expand Down
Loading

0 comments on commit 89d78ba

Please sign in to comment.