
Commit aa72dda

authored
Merge branch 'main' into mbg/interpret-cq-results
2 parents 65d1e45 + 8593ea6 commit aa72dda

15 files changed

+149
-36
lines changed

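--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,5 @@
+# CodeQL Action - Copilot Instructions
+
+The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
+
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.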
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
name: Update dependency proxy release assets
2+
on:
3+
workflow_dispatch:
4+
inputs:
5+
tag:
6+
description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
7+
type: string
8+
required: true
9+
10+
jobs:
11+
update:
12+
name: Update code and create PR
13+
timeout-minutes: 15
14+
runs-on: ubuntu-latest
15+
permissions:
16+
contents: write # needed to push the updated files
17+
pull-requests: write # needed to create the PR
18+
env:
19+
RELEASE_TAG: ${{ inputs.tag }}
20+
steps:
21+
- name: Check release tag format
22+
id: checks
23+
shell: bash
24+
run: |
25+
if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
26+
echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format."
27+
exit 1
28+
fi
29+
30+
echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT
31+
32+
- name: Check that the release exists
33+
shell: bash
34+
env:
35+
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
36+
run: |
37+
(gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1
38+
39+
- name: Install Node
40+
uses: actions/setup-node@v4
41+
42+
- name: Checkout repository
43+
uses: actions/checkout@v4
44+
with:
45+
fetch-depth: 0 # ensure we have all tags and can push commits
46+
ref: main
47+
48+
- name: Update git config
49+
shell: bash
50+
run: |
51+
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
52+
git config --global user.name "github-actions[bot]"
53+
54+
- name: Update release tag and version
55+
shell: bash
56+
run: |
57+
NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
58+
sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
59+
sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts
60+
61+
- name: Compile TypeScript and commit changes
62+
shell: bash
63+
env:
64+
TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
65+
run: |
66+
set -exu
67+
git checkout -b "$TARGET_BRANCH"
68+
69+
npm run build
70+
git add ./src/start-proxy-action.ts
71+
git add ./lib
72+
git commit -m "Update release used by \`start-proxy\` action"
73+
74+
- name: Push changes and open PR
75+
shell: bash
76+
env:
77+
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
78+
TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
79+
PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }}
80+
run: |
81+
set -exu
82+
pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
83+
pr_body=$(cat << EOF
84+
This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
85+
are attached as release assets to the \`$RELEASE_TAG\` release.
86+
87+
88+
Please do the following before merging:
89+
90+
- [ ] Verify that the changes to the code are correct.
91+
- [ ] Mark the PR as ready for review to trigger the CI.
92+
EOF
93+
)
94+
95+
git push origin "$TARGET_BRANCH"
96+
gh pr create \
97+
--head "$TARGET_BRANCH" \
98+
--base "main" \
99+
--title "${pr_title}" \
100+
--body "${pr_body}" \
101+
$PR_FLAG
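Review bot: The "Check that the release exists" step only confirms that `$RELEASE_TAG` resolves to a release; it requests `--json assets` but never inspects them, so a tag that exists without the proxy binaries attached passes the check and the later `sed` still rewrites `UPDATEJOB_PROXY_URL_PREFIX` in `src/start-proxy-action.ts` to a prefix under which those downloads would presumably fail at runtime. Since the asset list is already fetched, parse it and fail when the expected proxy asset names are absent, e.g. `gh release view --repo "$GITHUB_REPOSITORY" --json assets --jq '.assets[].name' "$RELEASE_TAG" | grep -qx "$EXPECTED_ASSET" || { echo "Proxy asset missing from $RELEASE_TAG"; exit 1; }` for each name the start-proxy code downloads (those names live outside this hunk, so take them from there rather than hard-coding guesses). Separately, `actions/checkout@v4` and `actions/setup-node@v4` are mutable tag references in a job that holds `contents: write` and `pull-requests: write`; pinning both to full commit SHAs with a trailing `# vX.Y.Z` comment removes a mutable third-party reference from a job that can push to the repository. The validation of `$RELEASE_TAG` against a strict regex before it is interpolated into `sed`, branch names and the PR body is good and should stay as the only place the raw input is trusted.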

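--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,12 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
+No user facing changes.
+
+## 3.29.1 - 27 Jun 2025
+
 - Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938)
+- Update default CodeQL bundle version to 2.22.1. [#2950](https://github.com/github/codeql-action/pull/2950)
 
 ## 3.29.0 - 11 Jun 2025
 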
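--- a/lib/api-compatibility.json
+++ b/lib/api-compatibility.json
@@ -1 +1 @@
-{ "maximumVersion": "3.18", "minimumVersion": "3.13" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.14" }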
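--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-"bundleVersion": "codeql-bundle-v2.22.0",
-"cliVersion": "2.22.0",
-"priorBundleVersion": "codeql-bundle-v2.21.4",
-"priorCliVersion": "2.21.4"
+"bundleVersion": "codeql-bundle-v2.22.1",
+"cliVersion": "2.22.1",
+"priorBundleVersion": "codeql-bundle-v2.22.0",
+"priorCliVersion": "2.22.0"
 }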
lib/start-proxy-action.js

Lines changed: 2 additions & 2 deletions

node_modules/.package-lock.json

Lines changed: 1 addition & 1 deletion

package-lock.json

Lines changed: 2 additions & 2 deletions

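--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "codeql",
-"version": "3.29.1",
+"version": "3.29.2",
 "private": true,
 "description": "CodeQL action",
 "scripts": {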
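--- a/src/api-compatibility.json
+++ b/src/api-compatibility.json
@@ -1 +1 @@
-{"maximumVersion": "3.18", "minimumVersion": "3.13"}
+{"maximumVersion": "3.18", "minimumVersion": "3.14"}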
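--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
-"bundleVersion": "codeql-bundle-v2.22.0",
-"cliVersion": "2.22.0",
-"priorBundleVersion": "codeql-bundle-v2.21.4",
-"priorCliVersion": "2.21.4"
+"bundleVersion": "codeql-bundle-v2.22.1",
+"cliVersion": "2.22.1",
+"priorBundleVersion": "codeql-bundle-v2.22.0",
+"priorCliVersion": "2.22.0"
 }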
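--- a/src/start-proxy-action.ts
+++ b/src/start-proxy-action.ts
@@ -11,9 +11,9 @@ import { Credential, getCredentials } from "./start-proxy";
 import * as util from "./util";
 
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901";
 const UPDATEJOB_PROXY_URL_PREFIX =
-"https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
+"https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 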
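--- a/tests/multi-language-repo/.gitignore
+++ b/tests/multi-language-repo/.gitignore
@@ -0,0 +1,9 @@
+.DS_Store
+/.build
+/Packages
+/*.xcodeproj
+xcuserdata/
+DerivedData/
+.swiftpm/config/registries.json
+.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
+.netrc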
Lines changed: 7 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,15 @@
1-
// swift-tools-version: 5.7
1+
// swift-tools-version: 5.8
22
// The swift-tools-version declares the minimum version of Swift required to build this package.
33

44
import PackageDescription
55

66
let package = Package(
7-
name: "helloWorld",
8-
products: [
9-
// Products define the executables and libraries a package produces, and make them visible to other packages.
10-
.library(
11-
name: "helloWorld",
12-
targets: ["helloWorld"]),
13-
],
14-
dependencies: [
15-
// Dependencies declare other packages that this package depends on.
16-
// .package(url: /* package url */, from: "1.0.0"),
17-
],
7+
name: "multi-language-repo",
188
targets: [
19-
// Targets are the basic building blocks of a package. A target can define a module or a test suite.
20-
// Targets can depend on other targets in this package, and on products in packages this package depends on.
21-
.target(
22-
name: "helloWorld",
23-
path: "swift-custom-build/helloWorld"
24-
)
9+
// Targets are the basic building blocks of a package, defining a module or a test suite.
10+
// Targets can depend on other targets in this package and products from dependencies.
11+
.executableTarget(
12+
name: "multi-language-repo",
13+
path: "Sources"),
2514
]
2615
)
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
// The Swift Programming Language
2+
// https://docs.swift.org/swift-book
3+
4+
print("Hello, world!")
