Skip to content

Commit

Permalink
Merge pull request #2522 from github/update-v3.26.11-8aba5f2c4
Browse files Browse the repository at this point in the history
Merge main into releases/v3
  • Loading branch information
angelapwen authored Oct 3, 2024
2 parents e2b3eaf + 389647f commit 6db8d63
Show file tree
Hide file tree
Showing 5,429 changed files with 2,176,936 additions and 71,672 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ updates:
# v7 requires ESM
- dependency-name: "del"
versions: ["^7.0.0"]
# This is broken due to the way configuration files have changed.
# This might be fixed when we move to eslint v9.
- dependency-name: "eslint-plugin-import"
versions: [">=2.30.0"]
groups:
npm:
patterns:
Expand Down
99 changes: 99 additions & 0 deletions .github/workflows/debug-artifacts-upgrade.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# Checks logs, SARIF, and database bundle debug artifacts exist and are accessible
# with download-artifact@v4 when CODEQL_ACTION_ARTIFACT_V4_UPGRADE is set to true.
name: PR Check - Debug artifact upload using artifact@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
upload-artifacts:
strategy:
fail-fast: false
matrix:
version:
- stable-v2.13.5
- stable-v2.14.6
- stable-v2.15.5
- stable-v2.16.6
- stable-v2.17.6
- default
- linked
- nightly-latest
name: Upload debug artifacts
env:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: actions/setup-go@v5
with:
go-version: ^1.13.1
- uses: ./../action/init
id: init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
debug: true
debug-artifact-name: my-debug-artifacts
debug-database-name: my-db
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
languages: cpp,csharp,go,java,javascript,python,ruby
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
id: analysis
download-and-check-artifacts:
name: Download and check debug artifacts
needs: upload-artifacts
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}"
echo "Artifacts from version $version:"
for language in $LANGUAGES; do
echo "- Checking $language"
if [[ ! -f "$language.sarif" ]] ; then
echo "Missing a SARIF file for $language"
exit 1
fi
if [[ ! -f "my-db-$language.zip" ]] ; then
echo "Missing a database bundle for $language"
exit 1
fi
if [[ ! -d "$language/log" ]] ; then
echo "Missing logs for $language"
exit 1
fi
done
popd
done
env:
GO111MODULE: auto
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

## 3.26.11 - 03 Oct 2024

- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.

Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.

This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.

## 3.26.10 - 30 Sep 2024

- We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with [Zstandard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting up CodeQL. [#2502](https://github.com/github/codeql-action/pull/2502)
Expand Down
78 changes: 77 additions & 1 deletion lib/actions-util.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/actions-util.js.map

Large diffs are not rendered by default.

14 changes: 13 additions & 1 deletion lib/analyze-action-post.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action-post.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 11 additions & 20 deletions lib/cli-errors.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 6db8d63

Please sign in to comment.