From 2bc06587aa5aeb8171e05d6ead4e35b37413104f Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 17:10:45 +0000 Subject: [PATCH 1/8] PR checks: Add support for per-OS CodeQL version --- pr-checks/sync.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pr-checks/sync.ts b/pr-checks/sync.ts index e6ccac629..5044f4b85 100755 --- a/pr-checks/sync.ts +++ b/pr-checks/sync.ts @@ -38,6 +38,8 @@ interface Specification extends JobSpecification { versions?: string[]; /** Operating system prefixes used to select runner images (e.g. `["ubuntu", "macos"]`). */ operatingSystems?: string[]; + /** Per-OS version overrides. If specified for an OS, only those versions are tested on that OS. */ + osCodeQlVersions?: Record; /** Whether to use the all-platform CodeQL bundle. */ useAllPlatformBundle?: string; /** Values for the `analysis-kinds` matrix dimension. */ @@ -317,6 +319,13 @@ function generateJobMatrix( const operatingSystems = checkSpecification.operatingSystems ?? ["ubuntu"]; for (const operatingSystem of operatingSystems) { + // If osCodeQlVersions is set for this OS, only include the specified CodeQL versions. + const allowedVersions = + checkSpecification.osCodeQlVersions?.[operatingSystem]; + if (allowedVersions && !allowedVersions.includes(version)) { + continue; + } + const runnerImagesForOs = runnerImages.filter((image) => image.startsWith(operatingSystem), ); From 41747794743e7e0274aa553a8e97fa667b99fb59 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 17:10:56 +0000 Subject: [PATCH 2/8] PR checks: Only run Go macOS tests on latest CodeQL versions --- .github/workflows/__go-tracing-autobuilder.yml | 14 -------------- .../workflows/__go-tracing-custom-build-steps.yml | 14 -------------- .github/workflows/__go-tracing-legacy-workflow.yml | 14 -------------- pr-checks/checks/go-tracing-autobuilder.yml | 4 ++++ pr-checks/checks/go-tracing-custom-build-steps.yml | 4 ++++ pr-checks/checks/go-tracing-legacy-workflow.yml | 4 ++++ 6 files changed, 12 insertions(+), 42 deletions(-) diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index c4ecfd410..f014d2cf6 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -51,32 +51,18 @@ jobs: include: - os: ubuntu-latest version: stable-v2.17.6 - - os: macos-latest - version: stable-v2.17.6 - os: ubuntu-latest version: stable-v2.18.4 - - os: macos-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - - os: macos-latest - version: stable-v2.19.4 - os: ubuntu-latest version: stable-v2.20.7 - - os: macos-latest - version: stable-v2.20.7 - os: ubuntu-latest version: stable-v2.21.4 - - os: macos-latest - version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 - - os: macos-latest - version: stable-v2.22.4 - os: ubuntu-latest version: default - - os: macos-latest - version: default - os: ubuntu-latest version: linked - os: macos-latest diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index d51fc02a9..4b4782572 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -51,32 +51,18 @@ jobs: include: - os: ubuntu-latest version: stable-v2.17.6 - - os: macos-latest - version: stable-v2.17.6 - os: ubuntu-latest version: stable-v2.18.4 - - os: macos-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - - os: macos-latest - version: stable-v2.19.4 - os: ubuntu-latest version: stable-v2.20.7 - - os: macos-latest - version: stable-v2.20.7 - os: ubuntu-latest version: stable-v2.21.4 - - os: macos-latest - version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 - - os: macos-latest - version: stable-v2.22.4 - os: ubuntu-latest version: default - - os: macos-latest - version: default - os: ubuntu-latest version: linked - os: macos-latest diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 46127791e..101ad8024 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -51,32 +51,18 @@ jobs: include: - os: ubuntu-latest version: stable-v2.17.6 - - os: macos-latest - version: stable-v2.17.6 - os: ubuntu-latest version: stable-v2.18.4 - - os: macos-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - - os: macos-latest - version: stable-v2.19.4 - os: ubuntu-latest version: stable-v2.20.7 - - os: macos-latest - version: stable-v2.20.7 - os: ubuntu-latest version: stable-v2.21.4 - - os: macos-latest - version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 - - os: macos-latest - version: stable-v2.22.4 - os: ubuntu-latest version: default - - os: macos-latest - version: default - os: ubuntu-latest version: linked - os: macos-latest diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index d6860bce0..5f9867d37 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -2,6 +2,10 @@ name: "Go: tracing with autobuilder step" description: "Checks that Go tracing works when using an autobuilder step" collection: go operatingSystems: ["ubuntu", "macos"] +osCodeQlVersions: + macos: + - linked + - nightly-latest env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" installGo: true diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 9ddc8a87d..b5fe5bc2a 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -2,6 +2,10 @@ name: "Go: tracing with custom build steps" description: "Checks that Go tracing traces the build when using custom build steps" collection: go operatingSystems: ["ubuntu", "macos"] +osCodeQlVersions: + macos: + - linked + - nightly-latest installGo: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index a6b0da17d..b29d2044e 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -2,6 +2,10 @@ name: "Go: tracing with legacy workflow" description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps" collection: go operatingSystems: ["ubuntu", "macos"] +osCodeQlVersions: + macos: + - linked + - nightly-latest env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" installGo: true From 30ecc82e64e1e47bbe41954d05dc1d44d01fa8f5 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 10:41:31 +0000 Subject: [PATCH 3/8] PR checks: Replace inline arrays Lists are easier to modify --- pr-checks/checks/all-platform-bundle.yml | 8 ++++++-- pr-checks/checks/analysis-kinds.yml | 10 ++++++++-- pr-checks/checks/analyze-ref-input.yml | 3 ++- pr-checks/checks/autobuild-action.yml | 8 ++++++-- .../autobuild-direct-tracing-with-working-dir.yml | 8 ++++++-- pr-checks/checks/autobuild-working-dir.yml | 3 ++- pr-checks/checks/build-mode-autobuild.yml | 8 ++++++-- pr-checks/checks/build-mode-manual.yml | 3 ++- pr-checks/checks/build-mode-none.yml | 4 +++- pr-checks/checks/build-mode-rollback.yml | 3 ++- pr-checks/checks/cleanup-db-cluster-dir.yml | 3 ++- pr-checks/checks/config-export.yml | 4 +++- pr-checks/checks/config-input.yml | 3 ++- pr-checks/checks/cpp-deptrace-disabled.yml | 5 ++++- pr-checks/checks/cpp-deptrace-enabled-on-macos.yml | 7 +++++-- pr-checks/checks/cpp-deptrace-enabled.yml | 5 ++++- pr-checks/checks/diagnostics-export.yml | 4 +++- pr-checks/checks/export-file-baseline-information.yml | 8 ++++++-- pr-checks/checks/extractor-ram-threads.yml | 3 ++- pr-checks/checks/global-proxy.yml | 4 +++- .../go-indirect-tracing-workaround-diagnostic.yml | 3 ++- ...go-indirect-tracing-workaround-no-file-program.yml | 3 ++- pr-checks/checks/go-indirect-tracing-workaround.yml | 3 ++- pr-checks/checks/go-tracing-autobuilder.yml | 4 +++- pr-checks/checks/go-tracing-custom-build-steps.yml | 4 +++- pr-checks/checks/go-tracing-legacy-workflow.yml | 4 +++- pr-checks/checks/init-with-registries.yml | 11 +++++------ pr-checks/checks/javascript-source-root.yml | 6 +++++- pr-checks/checks/job-run-uuid-sarif.yml | 3 ++- pr-checks/checks/language-aliases.yml | 3 ++- pr-checks/checks/local-bundle.yml | 3 ++- pr-checks/checks/multi-language-autodetect.yml | 4 +++- pr-checks/checks/overlay-init-fallback.yml | 4 +++- .../packaging-codescanning-config-inputs-js.yml | 6 +++++- pr-checks/checks/packaging-config-inputs-js.yml | 6 +++++- pr-checks/checks/packaging-config-js.yml | 6 +++++- pr-checks/checks/packaging-inputs-js.yml | 6 +++++- pr-checks/checks/resolve-environment-action.yml | 5 ++++- pr-checks/checks/rubocop-multi-language.yml | 3 ++- pr-checks/checks/ruby.yml | 9 +++++++-- pr-checks/checks/split-workflow.yml | 10 ++++++++-- pr-checks/checks/start-proxy.yml | 8 ++++++-- pr-checks/checks/submit-sarif-failure.yml | 5 ++++- pr-checks/checks/swift-autobuild.yml | 6 ++++-- pr-checks/checks/swift-custom-build.yml | 8 ++++++-- pr-checks/checks/upload-ref-sha-input.yml | 3 ++- pr-checks/checks/upload-sarif.yml | 8 ++++++-- pr-checks/checks/with-checkout-path.yml | 3 ++- 48 files changed, 185 insertions(+), 66 deletions(-) diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml index 994c91eb9..d35620706 100644 --- a/pr-checks/checks/all-platform-bundle.yml +++ b/pr-checks/checks/all-platform-bundle.yml @@ -1,7 +1,11 @@ name: "All-platform bundle" description: "Tests using an all-platform CodeQL Bundle" -operatingSystems: ["ubuntu", "macos", "windows"] -versions: ["nightly-latest"] +operatingSystems: + - ubuntu + - macos + - windows +versions: + - nightly-latest useAllPlatformBundle: "true" installGo: true installDotNet: true diff --git a/pr-checks/checks/analysis-kinds.yml b/pr-checks/checks/analysis-kinds.yml index 1fed31053..7b10f8d79 100644 --- a/pr-checks/checks/analysis-kinds.yml +++ b/pr-checks/checks/analysis-kinds.yml @@ -1,7 +1,13 @@ name: "Analysis kinds" description: "Tests basic functionality for different `analysis-kinds` inputs." -versions: ["linked", "nightly-latest"] -analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality", "risk-assessment"] +versions: + - linked + - nightly-latest +analysisKinds: + - code-scanning + - code-quality + - code-scanning,code-quality + - risk-assessment env: CODEQL_ACTION_RISK_ASSESSMENT_ID: 1 CHECK_SCRIPT: | diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index f3425ec70..683d40df9 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml @@ -1,6 +1,7 @@ name: "Analyze: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" -versions: ["default"] +versions: + - default installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/autobuild-action.yml b/pr-checks/checks/autobuild-action.yml index b91489cc8..d46204c89 100644 --- a/pr-checks/checks/autobuild-action.yml +++ b/pr-checks/checks/autobuild-action.yml @@ -1,7 +1,11 @@ name: "autobuild-action" description: "Tests that the C# autobuild action works" -operatingSystems: ["ubuntu", "macos", "windows"] -versions: ["linked"] +operatingSystems: + - ubuntu + - macos + - windows +versions: + - linked installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml index f492ac85a..0956b3447 100644 --- a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml +++ b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml @@ -3,8 +3,12 @@ description: > An end-to-end integration test of a Java repository built using 'build-mode: autobuild', with direct tracing enabled and a custom working directory specified as the input to the autobuild Action. -operatingSystems: ["ubuntu", "windows"] -versions: ["linked", "nightly-latest"] +operatingSystems: + - ubuntu + - windows +versions: + - linked + - nightly-latest installJava: true env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true diff --git a/pr-checks/checks/autobuild-working-dir.yml b/pr-checks/checks/autobuild-working-dir.yml index 77c1f73c8..5feee38f7 100644 --- a/pr-checks/checks/autobuild-working-dir.yml +++ b/pr-checks/checks/autobuild-working-dir.yml @@ -1,6 +1,7 @@ name: "Autobuild working directory" description: "Tests working-directory input of autobuild action" -versions: ["linked"] +versions: + - linked steps: - name: Test setup run: | diff --git a/pr-checks/checks/build-mode-autobuild.yml b/pr-checks/checks/build-mode-autobuild.yml index 0fc260f7b..56845f063 100644 --- a/pr-checks/checks/build-mode-autobuild.yml +++ b/pr-checks/checks/build-mode-autobuild.yml @@ -1,7 +1,11 @@ name: "Build mode autobuild" description: "An end-to-end integration test of a Java repository built using 'build-mode: autobuild'" -operatingSystems: ["ubuntu", "windows"] -versions: ["linked", "nightly-latest"] +operatingSystems: + - ubuntu + - windows +versions: + - linked + - nightly-latest installJava: true installYq: true steps: diff --git a/pr-checks/checks/build-mode-manual.yml b/pr-checks/checks/build-mode-manual.yml index a8048230c..2d7a44bdc 100644 --- a/pr-checks/checks/build-mode-manual.yml +++ b/pr-checks/checks/build-mode-manual.yml @@ -1,6 +1,7 @@ name: "Build mode manual" description: "An end-to-end integration test of a Java repository built using 'build-mode: manual'" -versions: ["nightly-latest"] +versions: + - nightly-latest installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/build-mode-none.yml b/pr-checks/checks/build-mode-none.yml index 669ea7915..f35dbc2a5 100644 --- a/pr-checks/checks/build-mode-none.yml +++ b/pr-checks/checks/build-mode-none.yml @@ -1,6 +1,8 @@ name: "Build mode none" description: "An end-to-end integration test of a Java repository built using 'build-mode: none'" -versions: ["linked", "nightly-latest"] +versions: + - linked + - nightly-latest steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/build-mode-rollback.yml b/pr-checks/checks/build-mode-rollback.yml index 49bcfdd1f..cfb4dfa22 100644 --- a/pr-checks/checks/build-mode-rollback.yml +++ b/pr-checks/checks/build-mode-rollback.yml @@ -1,6 +1,7 @@ name: "Build mode rollback" description: "The build mode is rolled back from none to autobuild when the relevant feature flag is enabled." -versions: ["nightly-latest"] +versions: + - nightly-latest env: CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true steps: diff --git a/pr-checks/checks/cleanup-db-cluster-dir.yml b/pr-checks/checks/cleanup-db-cluster-dir.yml index d2cacf47e..15124fd53 100644 --- a/pr-checks/checks/cleanup-db-cluster-dir.yml +++ b/pr-checks/checks/cleanup-db-cluster-dir.yml @@ -1,6 +1,7 @@ name: "Clean up database cluster directory" description: "The database cluster directory is cleaned up if it is not empty." -versions: ["linked"] +versions: + - linked steps: - name: Add a file to the database cluster directory run: | diff --git a/pr-checks/checks/config-export.yml b/pr-checks/checks/config-export.yml index ea66ad994..17dd75845 100644 --- a/pr-checks/checks/config-export.yml +++ b/pr-checks/checks/config-export.yml @@ -1,6 +1,8 @@ name: "Config export" description: "Tests that the code scanning configuration file is exported to SARIF correctly." -versions: ["linked", "nightly-latest"] +versions: + - linked + - nightly-latest steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/config-input.yml b/pr-checks/checks/config-input.yml index f139ff90e..d4dab6629 100644 --- a/pr-checks/checks/config-input.yml +++ b/pr-checks/checks/config-input.yml @@ -1,7 +1,8 @@ name: "Config input" description: "Tests specifying configuration using the config input" installNode: true -versions: ["linked"] +versions: + - linked steps: - name: Copy queries into workspace run: | diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index 5b6e82726..7eaddd852 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml +++ b/pr-checks/checks/cpp-deptrace-disabled.yml @@ -1,6 +1,9 @@ name: "C/C++: disabling autoinstalling dependencies (Linux)" description: "Checks that running C/C++ autobuild with autoinstalling dependencies explicitly disabled works" -versions: ["linked", "default", "nightly-latest"] +versions: + - linked + - default + - nightly-latest env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index 7180be172..5765fb002 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml @@ -1,7 +1,10 @@ name: "C/C++: autoinstalling dependencies is skipped (macOS)" description: "Checks that running C/C++ autobuild with autoinstalling dependencies explicitly enabled is a no-op on macOS" -operatingSystems: ["macos"] -versions: ["linked", "nightly-latest"] +operatingSystems: + - macos +versions: + - linked + - nightly-latest env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index e35910a75..7a522ae86 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -1,6 +1,9 @@ name: "C/C++: autoinstalling dependencies (Linux)" description: "Checks that running C/C++ autobuild with autoinstalling dependencies works" -versions: ["linked", "default", "nightly-latest"] +versions: + - linked + - default + - nightly-latest env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index 1b2696937..811335a7c 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml @@ -1,6 +1,8 @@ name: "Diagnostic export" description: "Tests that manually added diagnostics are correctly exported to SARIF." -versions: ["linked", "nightly-latest"] +versions: + - linked + - nightly-latest env: CODEQL_ACTION_EXPORT_DIAGNOSTICS: true steps: diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index 114aa8c43..8f882ef59 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -1,7 +1,11 @@ name: "Export file baseline information" description: "Tests that file baseline information is exported when the feature is enabled" -operatingSystems: ["ubuntu", "macos", "windows"] -versions: ["nightly-latest"] +operatingSystems: + - ubuntu + - macos + - windows +versions: + - nightly-latest installGo: true installDotNet: true env: diff --git a/pr-checks/checks/extractor-ram-threads.yml b/pr-checks/checks/extractor-ram-threads.yml index 43638af18..17ed1998e 100644 --- a/pr-checks/checks/extractor-ram-threads.yml +++ b/pr-checks/checks/extractor-ram-threads.yml @@ -1,6 +1,7 @@ name: "Extractor ram and threads options test" description: "Tests passing RAM and threads limits to extractors" -versions: ["linked"] +versions: + - linked steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/global-proxy.yml b/pr-checks/checks/global-proxy.yml index 0bcb0ce31..5f90022c0 100644 --- a/pr-checks/checks/global-proxy.yml +++ b/pr-checks/checks/global-proxy.yml @@ -1,6 +1,8 @@ name: "Proxy test" description: "Tests using a proxy specified by the https_proxy environment variable" -versions: ["linked", "nightly-latest"] +versions: + - linked + - nightly-latest container: image: ubuntu:22.04 services: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index 10acfeb43..bd48f1a12 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -2,7 +2,8 @@ name: "Go: diagnostic when Go is changed after init step" description: "Checks that we emit a diagnostic if Go is changed after the init step" # only Linux is affected # pinned to a version which does not support statically linked binaries for indirect tracing -versions: ["default"] +versions: + - default installGo: true collection: go steps: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index c5083b601..8e3f4234b 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -2,7 +2,8 @@ name: "Go: diagnostic when `file` is not installed" description: "Checks that we emit a diagnostic if the `file` program is not installed" # only Linux is affected # pinned to a version which does not support statically linked binaries for indirect tracing -versions: ["default"] +versions: + - default installGo: true collection: go steps: diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index 222b964c7..0856e8cf5 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -2,7 +2,8 @@ name: "Go: workaround for indirect tracing" description: "Checks that our workaround for indirect tracing for Go 1.21+ on Linux works" # only Linux is affected # pinned to a version which does not support statically linked binaries for indirect tracing -versions: ["default"] +versions: + - default installGo: true collection: go steps: diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index 5f9867d37..c454fc27e 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -1,7 +1,9 @@ name: "Go: tracing with autobuilder step" description: "Checks that Go tracing works when using an autobuilder step" collection: go -operatingSystems: ["ubuntu", "macos"] +operatingSystems: + - ubuntu + - macos osCodeQlVersions: macos: - linked diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index b5fe5bc2a..31c4f27c3 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -1,7 +1,9 @@ name: "Go: tracing with custom build steps" description: "Checks that Go tracing traces the build when using custom build steps" collection: go -operatingSystems: ["ubuntu", "macos"] +operatingSystems: + - ubuntu + - macos osCodeQlVersions: macos: - linked diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index b29d2044e..5431fac0f 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -1,7 +1,9 @@ name: "Go: tracing with legacy workflow" description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps" collection: go -operatingSystems: ["ubuntu", "macos"] +operatingSystems: + - ubuntu + - macos osCodeQlVersions: macos: - linked diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml index cedc62aab..69e2188de 100644 --- a/pr-checks/checks/init-with-registries.yml +++ b/pr-checks/checks/init-with-registries.yml @@ -4,12 +4,11 @@ # basic mechanics of multi-registry auth is working. name: "Packaging: Download using registries" description: "Checks that specifying a registries block and associated auth works as expected" -versions: [ - # This feature is not compatible with older CLIs - "default", - "linked", - "nightly-latest", -] +versions: + # This feature is not compatible with older CLIs + - default + - linked + - nightly-latest permissions: contents: read diff --git a/pr-checks/checks/javascript-source-root.yml b/pr-checks/checks/javascript-source-root.yml index b06dc7bfa..c814e77e4 100644 --- a/pr-checks/checks/javascript-source-root.yml +++ b/pr-checks/checks/javascript-source-root.yml @@ -1,6 +1,10 @@ name: "Custom source root" description: "Checks that the argument specifying a non-default source root works" -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest steps: - name: Move codeql-action run: | diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml index 815d88000..b37821d5a 100644 --- a/pr-checks/checks/job-run-uuid-sarif.yml +++ b/pr-checks/checks/job-run-uuid-sarif.yml @@ -1,6 +1,7 @@ name: "Job run UUID added to SARIF" description: "Tests that the job run UUID is added to the SARIF output" -versions: ["nightly-latest"] +versions: + - nightly-latest steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/language-aliases.yml b/pr-checks/checks/language-aliases.yml index b0db1288a..8fcde341d 100644 --- a/pr-checks/checks/language-aliases.yml +++ b/pr-checks/checks/language-aliases.yml @@ -1,6 +1,7 @@ name: "Language aliases" description: "Tests that language aliases are resolved correctly" -versions: ["linked"] +versions: + - linked steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/local-bundle.yml b/pr-checks/checks/local-bundle.yml index 2d090d432..52e3ff552 100644 --- a/pr-checks/checks/local-bundle.yml +++ b/pr-checks/checks/local-bundle.yml @@ -1,6 +1,7 @@ name: "Local CodeQL bundle" description: "Tests using a CodeQL bundle from a local file rather than a URL" -versions: ["linked"] +versions: + - linked installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 90b342c1a..688b58318 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -1,6 +1,8 @@ name: "Multi-language repository" description: "An end-to-end integration test of a multi-language repository using automatic language detection for macOS" -operatingSystems: ["macos", "ubuntu"] +operatingSystems: + - macos + - ubuntu env: CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true installGo: true diff --git a/pr-checks/checks/overlay-init-fallback.yml b/pr-checks/checks/overlay-init-fallback.yml index bfcfd27e7..26d8c8567 100644 --- a/pr-checks/checks/overlay-init-fallback.yml +++ b/pr-checks/checks/overlay-init-fallback.yml @@ -1,6 +1,8 @@ name: "Overlay database init fallback" description: "Tests that overlay init action succeeds with non-overlay packs" -versions: ["linked", "nightly-latest"] +versions: + - linked + - nightly-latest steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 20fd16a48..aadce0662 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -1,6 +1,10 @@ name: "Packaging: Config and input passed to the CLI" description: "Checks that specifying packages using a combination of a config file and input to the Action works" -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest installGo: true installNode: true installDotNet: true diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index 8df42f944..9d0ed1375 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml @@ -1,6 +1,10 @@ name: "Packaging: Config and input" description: "Checks that specifying packages using a combination of a config file and input to the Action works" -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest installGo: true installNode: true installDotNet: true diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 9fa41061c..d10a21f86 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -1,6 +1,10 @@ name: "Packaging: Config file" description: "Checks that specifying packages using only a config file works" -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest installGo: true installNode: true installDotNet: true diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index bb70de7e6..c3adbaaa1 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -1,6 +1,10 @@ name: "Packaging: Action input" description: "Checks that specifying packages using the input to the Action works" -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest installGo: true installNode: true installDotNet: true diff --git a/pr-checks/checks/resolve-environment-action.yml b/pr-checks/checks/resolve-environment-action.yml index 9722b7228..d06d74af2 100644 --- a/pr-checks/checks/resolve-environment-action.yml +++ b/pr-checks/checks/resolve-environment-action.yml @@ -1,6 +1,9 @@ name: "Resolve environment" description: "Tests that the resolve-environment action works for Go and JavaScript/TypeScript" -versions: ["default", "linked", "nightly-latest"] +versions: + - default + - linked + - nightly-latest steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index e88ddbeda..a6e7ad860 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml @@ -1,7 +1,8 @@ name: "RuboCop multi-language" description: "Tests using RuboCop to analyze a multi-language repository and then using the CodeQL Action to upload the resulting SARIF" # This check doesn't use CodeQL, so the `version` matrix variable is unused. -versions: ["default"] +versions: + - default steps: - name: Set up Ruby uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0 diff --git a/pr-checks/checks/ruby.yml b/pr-checks/checks/ruby.yml index e6208755d..fe061c085 100644 --- a/pr-checks/checks/ruby.yml +++ b/pr-checks/checks/ruby.yml @@ -1,7 +1,12 @@ name: "Ruby analysis" description: "Tests creation of a Ruby database" -versions: ["linked", "default", "nightly-latest"] -operatingSystems: ["ubuntu", "macos"] +versions: + - linked + - default + - nightly-latest +operatingSystems: + - ubuntu + - macos steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/split-workflow.yml b/pr-checks/checks/split-workflow.yml index 23f82a7a5..4f7128c85 100644 --- a/pr-checks/checks/split-workflow.yml +++ b/pr-checks/checks/split-workflow.yml @@ -1,7 +1,13 @@ name: "Split workflow" description: "Tests a split-up workflow in which we first build a database and later analyze it" -operatingSystems: ["ubuntu", "macos"] -versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs +operatingSystems: + - ubuntu + - macos +# This feature is not compatible with old CLIs +versions: + - linked + - default + - nightly-latest installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index b918b7a63..acd6417fb 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -1,7 +1,11 @@ name: "Start proxy" description: "Tests that the proxy can be initialised on all platforms" -operatingSystems: ["ubuntu", "macos", "windows"] -versions: ["linked"] +operatingSystems: + - ubuntu + - macos + - windows +versions: + - linked steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml index 5db63bb81..e776e23c2 100644 --- a/pr-checks/checks/submit-sarif-failure.yml +++ b/pr-checks/checks/submit-sarif-failure.yml @@ -1,6 +1,9 @@ name: Submit SARIF after failure description: Check that a SARIF file is submitted for the workflow run if it fails -versions: ["linked", "default", "nightly-latest"] +versions: + - linked + - default + - nightly-latest env: # Internal-only environment variable used to indicate that the post-init Action diff --git a/pr-checks/checks/swift-autobuild.yml b/pr-checks/checks/swift-autobuild.yml index a9880149b..e9949c12e 100644 --- a/pr-checks/checks/swift-autobuild.yml +++ b/pr-checks/checks/swift-autobuild.yml @@ -1,7 +1,9 @@ name: "Swift analysis using autobuild" description: "Tests creation of a Swift database using autobuild" -versions: ["nightly-latest"] -operatingSystems: ["macos"] +versions: + - nightly-latest +operatingSystems: + - macos steps: - uses: ./../action/init id: init diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index 1c8f1bf3a..7a07d5b7e 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -1,7 +1,11 @@ name: "Swift analysis using a custom build command" description: "Tests creation of a Swift database using custom build" -versions: ["linked", "default", "nightly-latest"] -operatingSystems: ["macos"] +versions: + - linked + - default + - nightly-latest +operatingSystems: + - macos installGo: true installDotNet: true env: diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index 95b753b2b..970082715 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -1,6 +1,7 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" -versions: ["default"] +versions: + - default installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 403cdab3a..8056a5179 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -1,7 +1,11 @@ name: "Test different uses of `upload-sarif`" description: "Checks that uploading SARIFs to the code quality endpoint works" -versions: ["default"] -analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] +versions: + - default +analysisKinds: + - code-scanning + - code-quality + - code-scanning,code-quality installGo: true installDotNet: true steps: diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 6f69d45d8..c53e3b415 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -1,6 +1,7 @@ name: "Use a custom `checkout_path`" description: "Checks that a custom `checkout_path` will find the proper commit_oid" -versions: ["linked"] +versions: + - linked installGo: true installDotNet: true steps: From 117bf916af3927f5755777cbd6dd23ce4334ba3a Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 14:39:20 +0000 Subject: [PATCH 4/8] Sort OS list and versions consistently --- .github/workflows/__bundle-toolcache.yml | 4 ++-- .github/workflows/__bundle-zstd.yml | 4 ++-- .../workflows/__multi-language-autodetect.yml | 20 +++++++++---------- .../__resolve-environment-action.yml | 4 ++-- pr-checks/checks/bundle-toolcache.yml | 2 +- pr-checks/checks/bundle-zstd.yml | 2 +- .../checks/multi-language-autodetect.yml | 4 ++-- .../checks/resolve-environment-action.yml | 2 +- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index 7b5e8d139..760647587 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -39,10 +39,10 @@ jobs: fail-fast: false matrix: include: - - os: macos-latest - version: linked - os: ubuntu-latest version: linked + - os: macos-latest + version: linked - os: windows-latest version: linked name: 'Bundle: Caching checks' diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index ede1e320c..85e069526 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -39,10 +39,10 @@ jobs: fail-fast: false matrix: include: - - os: macos-latest - version: linked - os: ubuntu-latest version: linked + - os: macos-latest + version: linked - os: windows-latest version: linked name: 'Bundle: Zstandard checks' diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index e1fea295e..33dbd2f69 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -59,41 +59,41 @@ jobs: fail-fast: false matrix: include: - - os: macos-latest - version: stable-v2.17.6 - os: ubuntu-latest version: stable-v2.17.6 - os: macos-latest - version: stable-v2.18.4 + version: stable-v2.17.6 - os: ubuntu-latest version: stable-v2.18.4 - os: macos-latest - version: stable-v2.19.4 + version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - os: macos-latest - version: stable-v2.20.7 + version: stable-v2.19.4 - os: ubuntu-latest version: stable-v2.20.7 - os: macos-latest - version: stable-v2.21.4 + version: stable-v2.20.7 - os: ubuntu-latest version: stable-v2.21.4 - os: macos-latest - version: stable-v2.22.4 + version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 - os: macos-latest - version: default + version: stable-v2.22.4 - os: ubuntu-latest version: default - os: macos-latest - version: linked + version: default - os: ubuntu-latest version: linked - os: macos-latest + version: linked + - os: ubuntu-latest version: nightly-latest - - os: ubuntu-latest + - os: macos-latest version: nightly-latest name: Multi-language repository if: github.triggering_actor != 'dependabot[bot]' diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index 8b3391064..982e4e715 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -39,10 +39,10 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: default - os: ubuntu-latest version: linked + - os: ubuntu-latest + version: default - os: ubuntu-latest version: nightly-latest name: Resolve environment diff --git a/pr-checks/checks/bundle-toolcache.yml b/pr-checks/checks/bundle-toolcache.yml index eb196419e..f5315d285 100644 --- a/pr-checks/checks/bundle-toolcache.yml +++ b/pr-checks/checks/bundle-toolcache.yml @@ -3,8 +3,8 @@ description: "The CodeQL bundle should be cached within the toolcache" versions: - linked operatingSystems: - - macos - ubuntu + - macos - windows steps: - name: Remove CodeQL from toolcache diff --git a/pr-checks/checks/bundle-zstd.yml b/pr-checks/checks/bundle-zstd.yml index 002334523..810f0b0c1 100644 --- a/pr-checks/checks/bundle-zstd.yml +++ b/pr-checks/checks/bundle-zstd.yml @@ -3,8 +3,8 @@ description: "A Zstandard CodeQL bundle should be extracted on supported operati versions: - linked operatingSystems: - - macos - ubuntu + - macos - windows steps: - name: Remove CodeQL from toolcache diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index 688b58318..e005a9239 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -1,8 +1,8 @@ name: "Multi-language repository" -description: "An end-to-end integration test of a multi-language repository using automatic language detection for macOS" +description: "An end-to-end integration test of a multi-language repository using automatic language detection" operatingSystems: - - macos - ubuntu + - macos env: CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true installGo: true diff --git a/pr-checks/checks/resolve-environment-action.yml b/pr-checks/checks/resolve-environment-action.yml index d06d74af2..4ea1bfad4 100644 --- a/pr-checks/checks/resolve-environment-action.yml +++ b/pr-checks/checks/resolve-environment-action.yml @@ -1,8 +1,8 @@ name: "Resolve environment" description: "Tests that the resolve-environment action works for Go and JavaScript/TypeScript" versions: - - default - linked + - default - nightly-latest steps: - uses: ./../action/init From 44720043ea02bc0b20862ebb2f15c46aa2f52ec4 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 18:18:30 +0000 Subject: [PATCH 5/8] CI: Set up Node.js 24 in rebuild workflow --- .github/workflows/rebuild.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 095c0726f..a2248588f 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -29,6 +29,12 @@ jobs: fetch-depth: 0 ref: ${{ env.HEAD_REF }} + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: 24 + cache: 'npm' + - name: Remove label if: github.event_name == 'pull_request' env: From 6fb1c2a3004725c45e921c71220a7c32e4cf618c Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 18:23:04 +0000 Subject: [PATCH 6/8] Fix merge in progress detection --- .github/workflows/rebuild.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index a2248588f..116cab82b 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -55,8 +55,12 @@ jobs: git fetch origin "$BASE_BRANCH" # Allow merge conflicts in `lib`, since rebuilding should resolve them. - git merge "origin/$BASE_BRANCH" || echo "Merge conflicts detected, continuing." - MERGE_RESULT=$? + if git merge "origin/$BASE_BRANCH"; then + MERGE_RESULT=0 + else + MERGE_RESULT=$? + echo "Merge conflicts detected, continuing." + fi if [ "$MERGE_RESULT" -ne 0 ]; then echo "merge-in-progress=true" >> $GITHUB_OUTPUT From 5f3f250f837f5ea4139247a18a69fe4049012fde Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 18:24:00 +0000 Subject: [PATCH 7/8] Fix finishing up in progress merge --- .github/workflows/rebuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 116cab82b..c604c8aab 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -114,7 +114,7 @@ jobs: # Otherwise, just commit the changes. if git rev-parse --verify MERGE_HEAD >/dev/null 2>&1; then echo "In progress merge detected, finishing it up." - git merge --continue --no-edit + git commit --no-edit else echo "No in-progress merge detected, committing changes." git commit -m "Rebuild" From 567ca73ff8a049da10768b63cac275c984d2e9fe Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Mar 2026 18:40:22 +0000 Subject: [PATCH 8/8] Address review comments --- .github/workflows/rebuild.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index c604c8aab..f4c2230e9 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -34,6 +34,9 @@ jobs: with: node-version: 24 cache: 'npm' + cache-dependency-path: | + package-lock.json + pr-checks/package-lock.json - name: Remove label if: github.event_name == 'pull_request' @@ -55,11 +58,16 @@ jobs: git fetch origin "$BASE_BRANCH" # Allow merge conflicts in `lib`, since rebuilding should resolve them. - if git merge "origin/$BASE_BRANCH"; then - MERGE_RESULT=0 + git merge "origin/$BASE_BRANCH" + MERGE_RESULT=$? + + if [ "$MERGE_RESULT" -eq 0 ]; then + echo "Merge succeeded cleanly." + elif [ "$MERGE_RESULT" -eq 1 ]; then + echo "Merge conflicts detected (exit code $MERGE_RESULT), continuing." else - MERGE_RESULT=$? - echo "Merge conflicts detected, continuing." + echo "git merge failed with unexpected exit code $MERGE_RESULT." + exit 1 fi if [ "$MERGE_RESULT" -ne 0 ]; then