Upgrade github/codeql dependency to 2.18.4 #734

Closed
wants to merge 8 commits into from
42 changes: 26 additions & 16 deletions .github/workflows/upgrade_codeql_dependencies.yml
@@ -18,10 +18,20 @@
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Fetch CodeQL
env:
GITHUB_TOKEN: ${{ github.token }}
RUNNER_TEMP: ${{ runner.temp }}
run: |
cd $RUNNER_TEMP
gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
unzip -q codeql-linux64.zip
echo "$RUNNER_TEMP/codeql/" >> $GITHUB_PATH

- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.9"

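Review bot: the CodeQL CLI zip fetched with `gh release download` is unpacked and put on PATH with no integrity check, so the job runs whatever asset the release currently serves; record the expected SHA-256 of `codeql-linux64.zip` for the requested version alongside the workflow and fail the step when `sha256sum -c` does not match. Two smaller points in the same step: `CODEQL_CLI_VERSION` is used in the download line but is not defined anywhere in the visible context, so confirm it is set from the workflow input at job level via `env:` rather than interpolated into the script body; and `cd $RUNNER_TEMP` and `>> $GITHUB_PATH` should quote their variables. The bumped `actions/checkout@v4` and `actions/setup-python@v5` references are still mutable tags, the same pattern code scanning flags for `create-pull-request` in the next hunk; pinning all three to commit SHAs in one go would close the finding consistently.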
@@ -35,27 +45,27 @@
run: |
python3 scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py --cli-version "$CODEQL_CLI_VERSION"

- name: Fetch CodeQL
env:
GITHUB_TOKEN: ${{ github.token }}
RUNNER_TEMP: ${{ runner.temp }}
run: |
cd $RUNNER_TEMP
gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
unzip -q codeql-linux64.zip

- name: Update CodeQL formatting based on new CLI version
env:
RUNNER_TEMP: ${{ runner.temp }}
run: |
find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place

- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
uses: peter-evans/create-pull-request@v7

[Code scanning / CodeQL, Medium] Unpinned tag for 3rd party Action in workflow: the 'Upgrade supported CodeQL configuration' step uses 'peter-evans/create-pull-request' with ref 'v7', not a pinned commit hash.
with:
title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}."
title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
body: |
This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}.

## CodeQL dependency upgrade checklist:

- [ ] Confirm the code has been correctly reformatted according to the new CodeQL CLI.
- [ ] Identify any CodeQL compiler warnings and errors, and update queries as required.
- [ ] Validate that the `github/codeql` test cases succeed.
- [ ] Address any CodeQL test failures in the `github/codeql-coding-standards` repository.
- [ ] Validate performance vs pre-upgrade, using /test-performance
commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
delete-branch: true
branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"
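Review bot: `peter-evans/create-pull-request@v7` is a mutable tag, as the code scanning annotation in this hunk reports; pin it to the full commit SHA of the v7 release (keeping the tag in a trailing comment) so a retagged or compromised release cannot run with this job's token, which this action needs in order to push a branch and open the PR. The move from v3 to v7 spans four major versions of an action this step relies on for `branch:` and `delete-branch: true`, so check its release notes for changed input defaults before merging. Separately, `$XARGS_MAX_PROCS` in the two `find ... | xargs` lines is not defined in the visible context; because it is quoted, an unset value becomes an empty argument to `--max-procs`, which xargs rejects, so either define it in this step's `env:` or write `"${XARGS_MAX_PROCS:-1}"`.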
20 changes: 15 additions & 5 deletions c/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
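Review bot: the lock records version numbers only (lockVersion 1.0.0 carries no content digests), so `codeql/cpp-all: 1.4.2` and the new 1.0.7 transitive packs (`mad`, `rangeanalysis`, `typeflow`, `typetracking`, `xml`) are pinned by version but resolution still trusts the registry; the `github/codeql` test run in the PR checklist is therefore the only check that the resolved packs behave as expected, and should not be skipped. `codeql/dataflow` moves from 0.0.4 to 1.1.1, a major-version change, so the shared data-flow library code is the most likely source of the compiler warnings the checklist asks for. The same dependency set must appear identically in every codeql-pack.lock.yml in this PR (it does in the visible hunks); a CI check that diffs the lock files against each other would catch a single pack drifting onto a different `dataflow` or `ssa` in a future upgrade.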
2 changes: 1 addition & 1 deletion c/cert/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
license: MIT
dependencies:
codeql/common-c-coding-standards: '*'
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
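Review bot: `codeql/cpp-all: 1.4.2` is an exact pin rather than a range, which matches the lock file and is the right choice for a coding-standards pack whose results must be reproducible; just confirm the upgrade script rewrites every qlpack.yml in the repository, since a pack left at `0.9.3` would compile against a different standard library than its siblings and the shared `codeql/common-*-coding-standards` packs it depends on.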
20 changes: 15 additions & 5 deletions c/common/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion c/common/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.36.0-dev
license: MIT
dependencies:
codeql/common-cpp-coding-standards: '*'
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
20 changes: 15 additions & 5 deletions c/misra/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion c/misra/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
license: MIT
dependencies:
codeql/common-c-coding-standards: '*'
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
20 changes: 15 additions & 5 deletions cpp/autosar/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion cpp/autosar/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
license: MIT
dependencies:
codeql/common-cpp-coding-standards: '*'
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
20 changes: 15 additions & 5 deletions cpp/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion cpp/cert/src/qlpack.yml
@@ -4,5 +4,5 @@ description: CERT C++ 2016
suites: codeql-suites
license: MIT
dependencies:
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
codeql/common-cpp-coding-standards: '*'
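Review bot: style only: this qlpack.yml lists `codeql/cpp-all` before `codeql/common-cpp-coding-standards`, the reverse of the ordering in the other qlpack.yml files in this PR; keeping the dependency order uniform makes the per-file diff of each future upgrade identical and easier to eyeball.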
20 changes: 15 additions & 5 deletions cpp/common/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
4 changes: 2 additions & 2 deletions cpp/common/src/qlpack.yml
@@ -2,6 +2,6 @@ name: codeql/common-cpp-coding-standards
version: 2.36.0-dev
license: MIT
dependencies:
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
dataExtensions:
- ext/*.model.yml
- ext/*.model.yml
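Review bot: `- ext/*.model.yml` appears as both a removed and an added line with identical text, and the file header counts 2 additions and 2 deletions for what is otherwise a one-line version bump, which indicates a trailing-newline or whitespace-only change on that line; confirm whether the upgrade script rewrote the file without (or with) a final newline so the same line does not churn on every future upgrade, and add an end-of-file newline check to the script if so.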
20 changes: 15 additions & 5 deletions cpp/misra/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion cpp/misra/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
license: MIT
dependencies:
codeql/common-cpp-coding-standards: '*'
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2
20 changes: 15 additions & 5 deletions cpp/report/src/codeql-pack.lock.yml
@@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.3
version: 1.4.2
codeql/dataflow:
version: 0.0.4
version: 1.1.1
codeql/mad:
version: 1.0.7
codeql/rangeanalysis:
version: 1.0.7
codeql/ssa:
version: 0.1.5
version: 1.0.7
codeql/tutorial:
version: 0.1.5
version: 1.0.7
codeql/typeflow:
version: 1.0.7
codeql/typetracking:
version: 1.0.7
codeql/util:
version: 0.1.5
version: 1.0.7
codeql/xml:
version: 1.0.7
compiled: false
2 changes: 1 addition & 1 deletion cpp/report/src/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/report-cpp-coding-standards
version: 2.36.0-dev
license: MIT
dependencies:
codeql/cpp-all: 0.9.3
codeql/cpp-all: 1.4.2