Merge main into releases/v2

.github/workflows/debug-artifacts.yml

@@ -56,7 +56,6 @@ jobs:
           debug-artifact-name: my-debug-artifacts
           debug-database-name: my-db
       - uses: ./../action/.github/actions/setup-swift
-        if: matrix.version == 'nightly-latest'
         with:
           codeql-path: ${{ steps.init.outputs.codeql-path }}
       - name: Build code

.github/workflows/python-deps.yml

@@ -72,7 +72,7 @@ jobs:
 
     - name: Verify packages installed
       run: |
-        $GITHUB_WORKSPACE/python-setup/tests/check_requests_2_26_0.sh ${PYTHON_VERSION}
+        $GITHUB_WORKSPACE/python-setup/tests/check_requests.sh ${PYTHON_VERSION} 2.31.0
 
   # This one shouldn't fail, but also won't install packages
   test-setup-python-scripts-non-standard-location:
@@ -170,5 +170,5 @@ jobs:
 
     - name: Verify packages installed
       run: |
-        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_2_26_0.ps1"
-        powershell -File $cmd $Env:PYTHON_VERSION
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests.ps1"
+        powershell -File $cmd $Env:PYTHON_VERSION 2.31.0

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -35,14 +35,22 @@ jobs:
           npm run build
         env:
           ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
-      - name: Commit Changes
-        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
-        with:
-          commit-message: Update supported GitHub Enterprise Server versions.
-          title: Update supported GitHub Enterprise Server versions.
-          body: ""
-          author: GitHub <noreply@github.com>
-          branch: update-supported-enterprise-server-versions
-          draft: true
+
+      - name: Update git config
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Commit changes and open PR
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ -z $(git status --porcelain) ]]; then
+            echo "No changes to commit"
+          else
+            git checkout -b update-supported-enterprise-server-versions
+            git add .
+            git commit --message "Update supported GitHub Enterprise Server versions"
+            git push origin update-supported-enterprise-server-versions
+            gh pr create --fill --draft
+          fi

.github/workflows/update-supported-enterprise-server-versions/update.py

@@ -35,7 +35,10 @@ def main():
 
 		if oldest_supported_release is None or release_version < oldest_supported_release:
 			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
-			if end_of_life_date > datetime.date.today():
+			# The GHES version is not actually end of life until the end of the day specified by
+			# `end_of_life_date`. Wait an extra week to be safe.
+			is_end_of_life = datetime.date.today() > end_of_life_date + datetime.timedelta(weeks=1)
+			if not is_end_of_life:
 				oldest_supported_release = release_version
 
 	api_compatibility_data = {

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CodeQL Action Changelog
 
+## 2.3.6 - 01 Jun 2023
+
+No user facing changes.
+
 ## 2.3.5 - 25 May 2023
 
 - Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
@@ -14,6 +18,7 @@
   - This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.
   - Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a `codeql-bundle-yyyymmdd` pattern, you should update it to also recognize `codeql-bundle-vx.y.z` tags.
 - Remove the requirement for `on.push` and `on.pull_request` to trigger on the same branches. [#1675](https://github.com/github/codeql-action/pull/1675)
+- Update default CodeQL bundle version to 2.13.3. [#1698](https://github.com/github/codeql-action/pull/1698)
 
 ## 2.3.3 - 04 May 2023
 

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230428",
-    "cliVersion": "2.13.1",
-    "priorBundleVersion": "codeql-bundle-20230414",
-    "priorCliVersion": "2.13.0"
+    "bundleVersion": "codeql-bundle-20230524",
+    "cliVersion": "2.13.3",
+    "priorBundleVersion": "codeql-bundle-20230428",
+    "priorCliVersion": "2.13.1"
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.3.6",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

python-setup/tests/check_requests.ps1

@@ -0,0 +1,27 @@
+#! /usr/bin/pwsh
+
+$EXPECTED_PYTHON_VERSION=$args[0]
+$EXPECTED_REQUESTS_VERSION=$args[1]
+
+$FOUND_PYTHON_VERSION="$Env:LGTM_PYTHON_SETUP_VERSION"
+$FOUND_PYTHONPATH="$Env:LGTM_INDEX_IMPORT_PATH"
+
+write-host "FOUND_PYTHON_VERSION=$FOUND_PYTHON_VERSION FOUND_PYTHONPATH=$FOUND_PYTHONPATH "
+
+if ($FOUND_PYTHON_VERSION -ne $EXPECTED_PYTHON_VERSION) {
+    write-host "Script told us to use Python $FOUND_PYTHON_VERSION, but expected $EXPECTED_PYTHON_VERSION"
+    exit 1
+} else {
+    write-host "Script told us to use Python $FOUND_PYTHON_VERSION, which was expected"
+}
+
+$env:PYTHONPATH=$FOUND_PYTHONPATH
+
+$INSTALLED_REQUESTS_VERSION = (py -3 -c "import requests; print(requests.__version__)")
+
+if ($INSTALLED_REQUESTS_VERSION -ne $EXPECTED_REQUESTS_VERSION) {
+    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS_VERSION"
+    exit 1
+} else {
+    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
+}

python-setup/tests/check_requests.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+EXPECTED_PYTHON_VERSION=$1
+EXPECTED_REQUESTS_VERSION=$2
+
+FOUND_PYTHON_VERSION="$LGTM_PYTHON_SETUP_VERSION"
+FOUND_PYTHONPATH="$LGTM_INDEX_IMPORT_PATH"
+
+echo "FOUND_PYTHON_VERSION=${FOUND_PYTHON_VERSION} FOUND_PYTHONPATH=${FOUND_PYTHONPATH} "
+
+if [[ $FOUND_PYTHON_VERSION != $EXPECTED_PYTHON_VERSION ]]; then
+    echo "Script told us to use Python ${FOUND_PYTHON_VERSION}, but expected ${EXPECTED_PYTHON_VERSION}"
+    exit 1
+else
+    echo "Script told us to use Python ${FOUND_PYTHON_VERSION}, which was expected"
+fi
+
+PYTHON_EXE="python${EXPECTED_PYTHON_VERSION}"
+
+INSTALLED_REQUESTS_VERSION=$(PYTHONPATH="${FOUND_PYTHONPATH}" "${PYTHON_EXE}" -c 'import requests; print(requests.__version__)')
+
+if [[ "$INSTALLED_REQUESTS_VERSION" != "$EXPECTED_REQUESTS_VERSION" ]]; then
+    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS_VERSION"
+    exit 1
+else
+    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
+fi