diff --git a/.github/actions/prepare-test/action.yml b/.github/actions/prepare-test/action.yml index e50b490dc..2cbe4626e 100644 --- a/.github/actions/prepare-test/action.yml +++ b/.github/actions/prepare-test/action.yml @@ -4,6 +4,10 @@ inputs: version: description: "The version of the CodeQL CLI to use. Can be 'latest', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'." required: true + use-all-platform-bundle: + description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL" + default: 'false' + required: false outputs: tools-url: description: "The value that should be passed as the 'tools' input of the 'init' step." @@ -24,7 +28,9 @@ runs: run: | set -e # Fail this Action if `gh release list` fails. - if [[ "$RUNNER_OS" == "Linux" ]]; then + if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then + artifact_name="codeql-bundle.tar.gz" + elif [[ "$RUNNER_OS" == "Linux" ]]; then artifact_name="codeql-bundle-linux64.tar.gz" elif [[ "$RUNNER_OS" == "macOS" ]]; then artifact_name="codeql-bundle-osx64.tar.gz" diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml new file mode 100644 index 000000000..b0e302765 --- /dev/null +++ b/.github/workflows/__all-platform-bundle.yml @@ -0,0 +1,67 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) +# to regenerate this file. + +name: PR Check - All-platform bundle +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' +on: + push: + branches: + - main + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + all-platform-bundle: + strategy: + matrix: + include: + - os: ubuntu-latest + version: nightly-latest + name: All-platform bundle + permissions: + contents: read + security-events: write + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'true' + - name: Set environment variable for Swift enablement + if: >- + runner.os != 'Windows' && ( + matrix.version == '20220908' || + matrix.version == '20221211' + ) + shell: bash + run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV + - id: init + uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + env: + CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 91d3eab39..195a29862 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 3e8e3b50d..1b2816186 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index 5a8d449bc..f0d14215c 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -51,6 +51,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index aef8a03fc..2127957d9 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -57,6 +57,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 299e489f5..e2c11a42b 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index ec013f2a4..71e43ec57 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -41,6 +41,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 2d016d976..499927131 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 87373c549..8250e766a 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index ce0ba6ad9..46b4df3ac 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 5dbe58cd9..06b1a21b2 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 871d50e66..696945448 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -58,6 +58,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index 49ef29635..0eb4f09d2 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 76d531b42..cfe25b284 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 247180fd8..d11a615b0 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index e224153ac..6c2c8f2c2 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -57,6 +57,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index a8e6f96d2..e1b883feb 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -57,6 +57,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index d2450601e..873e64f00 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -57,6 +57,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 5edad348a..ba2a2c109 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -57,6 +57,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 2fdd778db..d91f15137 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index e33be58e8..edf9f00cd 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 9f63d77f4..34804eea7 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -41,6 +41,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index d7192fda8..847c9e561 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -51,6 +51,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index 566988d00..fa59317d7 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 1973b766b..21b014f29 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -51,6 +51,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index d4beca429..42038acca 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -45,6 +45,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 73b43b4b8..f7c5aff50 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -51,6 +51,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index a230e4d57..c2a815ef7 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -41,6 +41,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 710df8a81..127ff679b 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -41,6 +41,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index ec34b9f29..71ca3c4c2 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -41,6 +41,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index edaa7dd1d..44d8857a6 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -53,6 +53,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index c9a0259bc..422ddb50c 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 381875029..2d2b7c12d 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -81,6 +81,7 @@ jobs: uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} + use-all-platform-bundle: 'false' - name: Set environment variable for Swift enablement if: >- runner.os != 'Windows' && ( diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml new file mode 100644 index 000000000..c455d71a4 --- /dev/null +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -0,0 +1,56 @@ +name: 'PR Check - CodeQL Bundle All' +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto + # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a + # workaround for our PR checks. + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' +on: + push: + branches: + - main + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + test-codeql-bundle-all: + strategy: + matrix: + include: + - os: ubuntu-latest + version: nightly-latest + name: 'CodeQL Bundle All' + permissions: + contents: read + security-events: write + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: true + - id: init + uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false + env: + CODEQL_ACTION_TEST_MODE: true \ No newline at end of file diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml new file mode 100644 index 000000000..b681ad616 --- /dev/null +++ b/pr-checks/checks/all-platform-bundle.yml @@ -0,0 +1,19 @@ +name: "All-platform bundle" +description: "Tests using an all-platform CodeQL Bundle" +versions: ["nightly-latest"] +operatingSystems: ["ubuntu"] +useAllPlatformBundle: "true" +steps: + - id: init + uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/.github/actions/setup-swift + with: + codeql-path: ${{ steps.init.outputs.codeql-path }} + - name: Build code + shell: bash + run: ./build.sh + - uses: ./../action/analyze + with: + upload-database: false diff --git a/pr-checks/sync.py b/pr-checks/sync.py index f8d98ee79..dd8118036 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -63,6 +63,10 @@ for file in os.listdir('checks'): 'version': version }) + useAllPlatformBundle = "false" # Default to false + if checkSpecification.get('useAllPlatformBundle'): + useAllPlatformBundle = checkSpecification['useAllPlatformBundle'] + steps = [ { 'name': 'Check out repository', @@ -73,7 +77,8 @@ for file in os.listdir('checks'): 'id': 'prepare-test', 'uses': './.github/actions/prepare-test', 'with': { - 'version': '${{ matrix.version }}' + 'version': '${{ matrix.version }}', + 'use-all-platform-bundle': useAllPlatformBundle } }, # We don't support Swift on Windows or prior versions of the CLI.