diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 30d5c532c6..9cf85b0c59 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -70,6 +80,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index 7f840b5dc6..159d8c4556 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -70,6 +80,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - name: Fetch latest CodeQL bundle run: | wget https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.zst diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index ee5d10c818..e9272f8939 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -104,6 +114,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - name: Use Xcode 16 if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 0e08cf70fc..f960fa93e4 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -81,6 +91,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init with: config-file: .github/codeql/codeql-config-packaging3.yml diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index fb76dbc676..b59da417e4 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -72,6 +82,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 8b8d156547..ced3b33fcc 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -72,6 +82,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init id: init with: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 8202ab1363..8f1fd49173 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -70,6 +80,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 91a1af5e05..77cd057f9c 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -77,6 +87,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index e706b5d391..1b4002ffbc 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -27,6 +27,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' workflow_call: inputs: go-version: @@ -34,6 +39,11 @@ on: description: The version of Go to install required: false default: '>=1.21.0' + python-version: + type: string + description: The version of Python to install + required: false + default: '3.13' defaults: run: shell: bash @@ -70,6 +80,11 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Python + if: matrix.version != 'nightly-latest' + uses: actions/setup-python@v6 + with: + python-version: ${{ inputs.python-version || '3.13' }} - name: Delete original checkout run: | # delete the original checkout so we don't accidentally use it. diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index 1814b68083..1dbf9e0c86 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml @@ -2,6 +2,7 @@ name: "Analyze: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" versions: ["default"] installGo: true +installPython: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/local-bundle.yml b/pr-checks/checks/local-bundle.yml index c16c2bf503..449dcbbb17 100644 --- a/pr-checks/checks/local-bundle.yml +++ b/pr-checks/checks/local-bundle.yml @@ -2,6 +2,7 @@ name: "Local CodeQL bundle" description: "Tests using a CodeQL bundle from a local file rather than a URL" versions: ["linked"] installGo: true +installPython: true steps: - name: Fetch latest CodeQL bundle run: | diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index a7609240ee..84c779dd9a 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -4,6 +4,7 @@ operatingSystems: ["macos", "ubuntu"] env: CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true installGo: true +installPython: true steps: - name: Use Xcode 16 if: runner.os == 'macOS' && matrix.version != 'nightly-latest' diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 42710d9261..1b72b06b3f 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -3,6 +3,7 @@ description: "Checks that specifying packages using a combination of a config fi versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs installGo: true installNode: true +installPython: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 29629985ab..c0a9cf0bb2 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml @@ -6,6 +6,7 @@ versions: - linked - nightly-latest installGo: true +installPython: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 3615db5689..614c2006ef 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -6,6 +6,7 @@ versions: - linked - nightly-latest installGo: true +installPython: true steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index e9307a143f..fe55b5457b 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -2,6 +2,7 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" versions: ["default"] installGo: true +installPython: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 1801a27407..0028e67ed2 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -3,6 +3,7 @@ description: "Checks that uploading SARIFs to the code quality endpoint works" versions: ["default"] analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] installGo: true +installPython: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index d0662be010..b18d191ccd 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -2,6 +2,7 @@ name: "Use a custom `checkout_path`" description: "Checks that a custom `checkout_path` will find the proper commit_oid" versions: ["linked"] installGo: true +installPython: true steps: # This ensures we don't accidentally use the original checkout for any part of the test. - name: Delete original checkout diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 866a610304..4b814504df 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -184,6 +184,26 @@ def writeHeader(checkStream): } }) + installPython = is_truthy(checkSpecification.get('installPython', '')) + + if installPython: + basePythonVersionExpr = '3.13' + workflowInputs['python-version'] = { + 'type': 'string', + 'description': 'The version of Python to install', + 'required': False, + 'default': basePythonVersionExpr, + } + + steps.append({ + 'name': 'Install Python', + 'if': 'matrix.version != \'nightly-latest\'', + 'uses': 'actions/setup-python@v6', + 'with': { + 'python-version': '${{ inputs.python-version || \'' + basePythonVersionExpr + '\' }}' + } + }) + # If container initialisation steps are present in the check specification, # make sure to execute them first. if 'container' in checkSpecification and 'container-init-steps' in checkSpecification: