From 1f0700d1c068a5834de7aa630f9edfb89723ca5d Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Tue, 27 Sep 2022 15:55:05 -0700 Subject: [PATCH 1/4] Update unset environment variables PR check (#1269) * Only test Java for CLI v2.5+ * Improve bash code style * Set Actions error messages Co-authored-by: Andrew Eisenberg --- .github/workflows/__unset-environment.yml | 97 ------------------- .../workflows/unset-environment-new-cli.yml | 95 ++++++++++++++++++ .../workflows/unset-environment-old-cli.yml | 89 +++++++++++++++++ pr-checks/checks/unset-environment.yml | 49 ---------- 4 files changed, 184 insertions(+), 146 deletions(-) delete mode 100644 .github/workflows/__unset-environment.yml create mode 100644 .github/workflows/unset-environment-new-cli.yml create mode 100644 .github/workflows/unset-environment-old-cli.yml delete mode 100644 pr-checks/checks/unset-environment.yml diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml deleted file mode 100644 index 23d6ad2550..0000000000 --- a/.github/workflows/__unset-environment.yml +++ /dev/null 
@@ -1,97 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Test unsetting environment variables -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - releases/v1 - - releases/v2 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - unset-environment: - strategy: - matrix: - include: - - os: ubuntu-latest - version: stable-20210308 - - os: ubuntu-latest - version: stable-20210319 - - os: ubuntu-latest - version: stable-20210809 - - os: ubuntu-latest - version: cached - - os: ubuntu-latest - version: latest - - os: ubuntu-latest - version: nightly-latest - name: Test unsetting environment variables - timeout-minutes: 45 - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v3 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - env: - TEST_MODE: true - - name: Build code - shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! 
$CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/unset-environment-new-cli.yml b/.github/workflows/unset-environment-new-cli.yml new file mode 100644 index 0000000000..39da1b36c6 --- /dev/null +++ b/.github/workflows/unset-environment-new-cli.yml 
@@ -0,0 +1,95 @@
+# See `unset-environment-old-cli.yml` for reasoning behind the separate tests.
+name: PR Check - Test unsetting environment variables for CLI version >= 2.5.1
+env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GO111MODULE: auto
+on:
+ push:
+ branches:
+ - main
+ - releases/v1
+ - releases/v2
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - ready_for_review
+ workflow_dispatch: {}
+jobs:
+ unset-environment:
+ strategy:
+ matrix:
+ include:
+ - os: ubuntu-latest
+ version: stable-20210809
+ - os: ubuntu-latest
+ version: cached
+ - os: ubuntu-latest
+ version: latest
+ - os: ubuntu-latest
+ version: nightly-latest
+ name: Test unsetting environment variables
+ timeout-minutes: 45
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v3
+ - name: Prepare test
+ id: prepare-test
+ uses: ./.github/prepare-test
+ with:
+ version: ${{ matrix.version }}
+ - uses: ./../action/init
+ with:
+ db-location: ${{ runner.temp }}/customDbLocation
+ tools: ${{ steps.prepare-test.outputs.tools-url }}
+ env:
+ TEST_MODE: true
+ - name: Build code
+ shell: bash
+ run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
+ - uses: ./../action/analyze
+ id: analysis
+ env:
+ TEST_MODE: true
+ - shell: bash
+ run: |
+ CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
+ if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
+ echo "::error::Did not create a database for CPP, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
+ exit 1
+ fi
+ CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
+ if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
+ echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
+ exit 1
+ fi
+ GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
+ if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
+ echo "::error::Did not create a database for Go, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
+ exit 1
+ fi
+ JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
+ if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
+ echo "::error::Did not create a database for Java, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
+ exit 1
+ fi
+ JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
+ if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
+ echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
+ exit 1
+ fi
+ PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
+ if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
+ echo "::error::Did not create a database for Python, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
+ exit 1
+ fi
+ env:
+ INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
diff --git a/.github/workflows/unset-environment-old-cli.yml b/.github/workflows/unset-environment-old-cli.yml
new file mode 100644
index 0000000000..281ced054c
--- /dev/null
+++ b/.github/workflows/unset-environment-old-cli.yml
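Review bot: The last `run:` step of `unset-environment-new-cli.yml` still pastes each `${{ fromJson(steps.analysis.outputs.db-locations).<lang> }}` expression directly into the bash script, and the double quotes added here do not make that safe. The expression is substituted before bash parses the script, so a value containing `"`, `$(...)` or a backtick would be read as shell syntax rather than as data. The values come from the analyze step's own output, so exposure looks low, but the usual hardening is to pass them through the step's `env:` block, e.g. `CPP_DB: ${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` next to `INTERNAL_CODEQL_ACTION_DEBUG_LOC`, and drop the in-script assignments so the script only reads `"$CPP_DB"`. The same pattern repeats for every language in this file and in `unset-environment-old-cli.yml`.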
@@ -0,0 +1,89 @@
+# There was a bug, fixed in CLI v2.5.1, that didn't propagate environment
+# variables that the Java tracer needed. Here we test all languages
+# except Java for these CLI versions. In `unset-environment-new-cli.yml`
+# we test all languages for recent CLI versions.
+name: PR Check - Test unsetting environment variables for CLI version < 2.5.1
+env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GO111MODULE: auto
+on:
+ push:
+ branches:
+ - main
+ - releases/v1
+ - releases/v2
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - ready_for_review
+ workflow_dispatch: {}
+jobs:
+ unset-environment:
+ strategy:
+ matrix:
+ include:
+ - os: ubuntu-latest
+ version: stable-20210308
+ - os: ubuntu-latest
+ version: stable-20210319
+ name: Test unsetting environment variables
+ timeout-minutes: 45
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v3
+ - name: Prepare test
+ id: prepare-test
+ uses: ./.github/prepare-test
+ with:
+ version: ${{ matrix.version }}
+ - uses: ./../action/init
+ with:
+ languages: csharp,cpp,go,javascript,python
+ db-location: ${{ runner.temp }}/customDbLocation
+ tools: ${{ steps.prepare-test.outputs.tools-url }}
+ env:
+ TEST_MODE: true
+ - name: Build code
+ shell: bash
+ run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
+ - uses: ./../action/analyze
+ id: analysis
+ env:
+ TEST_MODE: true
+ - shell: bash
+ run: |
+ CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
+ if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
+ echo "::error::Did not create a database for CPP, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
+ exit 1
+ fi
+ CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
+ if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
+ echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
+ exit 1
+ fi
+ GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
+ if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
+ echo "::error::Did not create a database for Go, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
+ exit 1
+ fi
+ JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
+ if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
+ echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
+ exit 1
+ fi
+ PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
+ if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
+ echo "::error::Did not create a database for Python, or created it in the wrong location." \
+ "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
+ exit 1
+ fi
+ env:
+ INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml
deleted file mode 100644
index f5d03e0291..0000000000
--- a/pr-checks/checks/unset-environment.yml
+++ /dev/null
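Review bot: `unset-environment-old-cli.yml` declares no `permissions:` block, although it exports `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` at workflow level and checks out and builds the triggering ref on `pull_request`; `unset-environment-new-cli.yml` has the same gap. The token therefore gets whatever default scope the repository or organisation configures. The build step already scrubs its environment with `env -i`, but the `init` and `analyze` steps still receive the token. Adding a top-level `permissions:` with `contents: read` would pin it to least privilege. Whether `analyze` needs more under `TEST_MODE` (for example `security-events: write`) is not visible from this hunk and should be confirmed before merging.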
@@ -1,49 +0,0 @@ -name: "Test unsetting environment variables" -description: "An end-to-end integration test that unsets some environment variables" -os: ["ubuntu-latest"] -steps: - - uses: ./../action/init - with: - db-location: "${{ runner.temp }}/customDbLocation" - tools: ${{ steps.prepare-test.outputs.tools-url }} - env: - TEST_MODE: true - - name: Build code - shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! 
$PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi From cc4ee05a07057f0fa24b1d3a132d166d181f7dc9 Mon Sep 17 00:00:00 2001 From: GitHub Date: Wed, 28 Sep 2022 00:21:45 +0000 Subject: [PATCH 2/4] Update supported GitHub Enterprise Server versions. --- lib/api-compatibility.json | 2 +- src/api-compatibility.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json index f881206a87..73d77986ea 100644 --- a/lib/api-compatibility.json +++ b/lib/api-compatibility.json @@ -1 +1 @@ -{ "maximumVersion": "3.7", "minimumVersion": "3.2" } +{ "maximumVersion": "3.7", "minimumVersion": "3.3" } diff --git a/src/api-compatibility.json b/src/api-compatibility.json index 3143f0a15b..cb77fa450d 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.7", "minimumVersion": "3.2"} +{"maximumVersion": "3.7", "minimumVersion": "3.3"} From a4e4529299f668fea9b22bb22c5400fd7a6f2313 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sat, 24 Sep 2022 23:27:01 -0400 Subject: [PATCH 3/4] Correct program name --- lib/actions-util.js | 2 +- src/actions-util.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/actions-util.js b/lib/actions-util.js index 83a78e7cd8..4f45467e06 100644 --- a/lib/actions-util.js +++ b/lib/actions-util.js 
@@ -452,7 +452,7 @@ async function getRef() { // in actions/checkout@v1 this may not be true as it checks out the repository // using GITHUB_REF. There is a subtle race condition where // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check - // git git-parse GITHUB_REF == git rev-parse HEAD instead. + // git rev-parse GITHUB_REF == git rev-parse HEAD instead. const hasChangedRef = sha !== head && (await (0, exports.getCommitOid)(checkoutPath, ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !== head; if (hasChangedRef) { diff --git a/src/actions-util.ts b/src/actions-util.ts index 17b521af79..66e4bb6691 100644 --- a/src/actions-util.ts +++ b/src/actions-util.ts @@ -545,7 +545,7 @@ export async function getRef(): Promise { // in actions/checkout@v1 this may not be true as it checks out the repository // using GITHUB_REF. There is a subtle race condition where // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check - // git git-parse GITHUB_REF == git rev-parse HEAD instead. + // git rev-parse GITHUB_REF == git rev-parse HEAD instead. const hasChangedRef = sha !== head && (await getCommitOid( From a711c7623d69663f82a95451056cfb79202d63b3 Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Fri, 23 Sep 2022 13:58:56 -0700 Subject: [PATCH 4/4] Update default CodeQL version to 2.11.0 --- CHANGELOG.md | 2 +- lib/defaults.json | 2 +- src/defaults.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 720c2fb973..d32e15f019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 diff --git a/lib/defaults.json b/lib/defaults.json index 507d26f25b..197d124e50 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20220908" + "bundleVersion": "codeql-bundle-20220923" } 
diff --git a/src/defaults.json b/src/defaults.json
index 4f9c896681..629627f7c5 100644
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,3 +1,3 @@
 {
- "bundleVersion": "codeql-bundle-20220908"
+ "bundleVersion": "codeql-bundle-20220923"
 }