Skip to content

Commit

Permalink
Merge branch 'main' into flynew
Browse files Browse the repository at this point in the history
  • Loading branch information
Kwstubbs authored Nov 27, 2024
2 parents 44a1c3c + 553bc8c commit 9edecdd
Show file tree
Hide file tree
Showing 7,048 changed files with 415,461 additions and 205,469 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 0 additions & 2 deletions .bazelrc
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
common --enable_platform_specific_config
common --enable_bzlmod
# because we use --override_module with `%workspace%`, the lock file is not stable
common --lockfile_mode=off

Expand All @@ -24,6 +23,5 @@ common --registry=file:///%workspace%/misc/bazel/registry
common --registry=https://bcr.bazel.build

common --@rules_dotnet//dotnet/settings:strict_deps=false
common --experimental_isolated_extension_usages

try-import %workspace%/local.bazelrc
1 change: 0 additions & 1 deletion .bazelrc.internal
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,3 @@ common --registry=https://bcr.bazel.build
# its implementation packages without providing any code itself.
# We either can depend on internal implementation details, or turn of strict deps.
common --@rules_dotnet//dotnet/settings:strict_deps=false
common --experimental_isolated_extension_usages
2 changes: 1 addition & 1 deletion .bazelversion
Original file line number Diff line number Diff line change
@@ -1 +1 @@
5f5d70b6c4d2fb1a889479569107f1692239e8a7
8.0.0rc1
2 changes: 2 additions & 0 deletions .github/codeql/codeql-config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,5 @@ paths-ignore:
- '/python/'
- '/javascript/ql/test'
- '/javascript/extractor/tests'
- '/rust/ql/test'
- '/rust/ql/integration-tests'
8 changes: 8 additions & 0 deletions .github/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,18 @@ Ruby:
- ruby/**/*
- change-notes/**/*ruby*

Rust:
- rust/**/*
- change-notes/**/*rust*

Swift:
- swift/**/*
- change-notes/**/*swift*

Actions:
- actions/**/*
- change-notes/**/*actions*

documentation:
- "**/*.qhelp"
- "**/*.md"
Expand Down
1 change: 1 addition & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@

- [ ] Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to `.ql`, `.qll`, or `.qhelp` files. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md) (internal access required).
- [ ] Changes are validated [at scale](https://github.com/github/codeql-dca/) (internal access required).
- [ ] Adding a new query? Consider also [adding the query to autofix](https://github.com/github/codeml-autofix/blob/main/docs/updating-query-support.md#adding-a-new-query-to-the-query-suite).
2 changes: 1 addition & 1 deletion .github/workflows/build-ripunzip.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ubuntu-20.04, macos-12, windows-2019]
os: [ubuntu-20.04, macos-13, windows-2019]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/check-change-note.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,12 @@ on:
- "shared/**/*.qll"
- "!**/experimental/**"
- "!ql/**"
- "!rust/**"
- ".github/workflows/check-change-note.yml"

jobs:
check-change-note:
env:
env:
REPO: ${{ github.repository }}
PULL_REQUEST_NUMBER: ${{ github.event.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -33,7 +34,7 @@ jobs:
!contains(github.event.pull_request.labels.*.name, 'no-change-note-required')
run: |
change_note_files=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))')
if [ -z "$change_note_files" ]; then
echo "No change note found. Either add one, or add the 'no-change-note-required' label."
exit 1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.101
dotnet-version: 9.0.100

- name: Checkout repository
uses: actions/checkout@v4
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/compile-queries.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,9 @@ jobs:
# run with --check-only if running in a PR (github.sha != main)
if : ${{ github.event_name == 'pull_request' }}
shell: bash
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000
- name: compile queries - full
# do full compile if running on main - this populates the cache
if : ${{ github.event_name != 'pull_request' }}
shell: bash
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000
2 changes: 1 addition & 1 deletion .github/workflows/cpp-swift-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
- name: "Build Swift extractor using Bazel"
run: |
bazel clean --expunge
bazel run //swift:create-extractor-pack --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --spawn_strategy=local
bazel run //swift:install --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --spawn_strategy=local
bazel shutdown
- name: Perform CodeQL Analysis
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/csharp-qltest.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,14 @@ jobs:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.101
dotnet-version: 9.0.100
- name: Extractor unit tests
run: |
dotnet tool restore
dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Util.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Extraction.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.CSharp.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.Cpp.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.0 extractor/Semmle.Util.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.0 extractor/Semmle.Extraction.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
shell: bash
stubgentest:
runs-on: ubuntu-latest
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/csv-coverage-metrics.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
run: |
DATABASE="${{ runner.temp }}/java-database"
codeql database analyze --format=sarif-latest --output=metrics-java.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: metrics-java.sarif
path: metrics-java.sarif
Expand All @@ -64,7 +64,7 @@ jobs:
run: |
DATABASE="${{ runner.temp }}/csharp-database"
codeql database analyze --format=sarif-latest --output=metrics-csharp.sarif -- "$DATABASE" ./csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: metrics-csharp.sarif
path: metrics-csharp.sarif
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/csv-coverage-pr-artifacts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -71,21 +71,21 @@ jobs:
run: |
python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
- name: Upload CSV package list
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: csv-framework-coverage-merge
path: |
out_merge/framework-coverage-*.csv
out_merge/framework-coverage-*.rst
- name: Upload CSV package list
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: csv-framework-coverage-base
path: |
out_base/framework-coverage-*.csv
out_base/framework-coverage-*.rst
- name: Upload comparison results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: comparison
path: |
Expand All @@ -97,7 +97,7 @@ jobs:
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
- name: Upload PR number
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: pr
path: pr/
Expand All @@ -117,7 +117,7 @@ jobs:
GITHUB_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.pull_request.number }}
- name: Upload comment ID (if it exists)
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: comment
path: comment/
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/csv-coverage-timeseries.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
run: |
python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
- name: Upload timeseries CSV
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: framework-coverage-timeseries
path: framework-coverage-timeseries-*.csv
4 changes: 2 additions & 2 deletions .github/workflows/csv-coverage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ jobs:
run: |
python script/misc/scripts/library-coverage/generate-report.py ci codeqlModels script
- name: Upload CSV package list
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: framework-coverage-csv
path: framework-coverage-*.csv
- name: Upload RST package list
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: framework-coverage-rst
path: framework-coverage-*.rst
2 changes: 2 additions & 0 deletions .github/workflows/go-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ on:
push:
paths:
- "go/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**
- codeql-workspace.yml
Expand All @@ -12,6 +13,7 @@ on:
pull_request:
paths:
- "go/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**
- codeql-workspace.yml
Expand Down
16 changes: 11 additions & 5 deletions .github/workflows/mad_modelDiff.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,20 @@ jobs:
path: codeql-main
ref: main
- uses: ./codeql-main/.github/actions/fetch-codeql
# compute the shortname of the project that does not contain any special (disk) characters
- run: |
echo "SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}" >> $GITHUB_OUTPUT
env:
SLUG: ${{ matrix.slug }}
id: shortname
- name: Download database
env:
SLUG: ${{ matrix.slug }}
GH_TOKEN: ${{ github.token }}
SHORTNAME: ${{ steps.shortname.outputs.SHORTNAME }}
run: |
set -x
mkdir lib-dbs
SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
gh api -H "Accept: application/zip" "/repos/${SLUG}/code-scanning/codeql/databases/java" > "$SHORTNAME.zip"
unzip -q -d "${SHORTNAME}-db" "${SHORTNAME}.zip"
mkdir "lib-dbs/$SHORTNAME/"
Expand Down Expand Up @@ -93,14 +99,14 @@ jobs:
name="diff_${basename/.model.yml/""}"
(diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
done
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: models
name: models-${{ steps.shortname.outputs.SHORTNAME }}
path: tmp-models/**/**/*.model.yml
retention-days: 20
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: diffs
name: diffs-${{ steps.shortname.outputs.SHORTNAME }}
path: tmp-models/*.html
# An html file is only produced if the generated models differ.
if-no-files-found: ignore
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/mad_regenerate-models.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ jobs:
find java -name "*.model.yml" -print0 | xargs -0 git add
git status
git diff --cached > models.patch
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: patch
path: models.patch
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/post-pr-comment.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,11 @@ jobs:
post_comment:
runs-on: ubuntu-latest
steps:
- name: Download artifact
run: gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment"
- name: Download artifacts
run: |
gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-pr-number"
gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-body"
gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-id"
env:
GITHUB_TOKEN: ${{ github.token }}
WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/qhelp-pr-preview.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,9 @@ jobs:
- run: echo "${PR_NUMBER}" > pr_number.txt
env:
PR_NUMBER: ${{ github.event.number }}
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: comment
name: comment-pr-number
path: pr_number.txt
if-no-files-found: error
retention-days: 1
Expand Down Expand Up @@ -78,9 +78,9 @@ jobs:
exit "${EXIT_CODE}"
- if: ${{ !cancelled() }}
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: comment
name: comment-body
path: comment_body.txt
if-no-files-found: error
retention-days: 1
Expand All @@ -94,9 +94,9 @@ jobs:
GITHUB_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.number }}

- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: comment
name: comment-id
path: comment_id.txt
if-no-files-found: error
retention-days: 1
4 changes: 2 additions & 2 deletions .github/workflows/ql-for-ql-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ jobs:
sarif_file: ql-for-ql.sarif
category: ql-for-ql
- name: Sarif as artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ql-for-ql.sarif
path: ql-for-ql.sarif
Expand All @@ -84,7 +84,7 @@ jobs:
mkdir split-sarif
node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif
- name: Upload langs as artifacts
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ql-for-ql-langs
path: split-sarif
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/ql-for-ql-dataset_measure.yml
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ jobs:
"${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: measurements
path: stats
Expand All @@ -76,14 +76,14 @@ jobs:
needs: measure
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@v4
with:
name: measurements
path: stats
- run: |
python -m pip install --user lxml
find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ruby/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: ql.dbscheme.stats
path: ql/ql/src/ql.dbscheme.stats
2 changes: 1 addition & 1 deletion .github/workflows/query-list.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
run: |
python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
- name: Upload code scanning query list
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: code-scanning-query-list
path: code-scanning-query-list.csv
Loading

0 comments on commit 9edecdd

Please sign in to comment.