Merge pull request #3894 from github/henrymercer/require-codeql-2.19.4

Bump minimum CodeQL CLI version to 2.19.4
Henry Mercer
2026-05-18 14:55:40 +00:00
committed by GitHub
18 changed files with 85 additions and 84 deletions
+4 -4
@@ -49,10 +49,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: ubuntu-latest
@@ -61,6 +57,10 @@ jobs:
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: stable-v2.23.9
- os: ubuntu-latest
version: stable-v2.24.3
- os: ubuntu-latest
version: default
- os: ubuntu-latest
+4 -4
@@ -49,10 +49,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: ubuntu-latest
@@ -61,6 +57,10 @@ jobs:
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: stable-v2.23.9
- os: ubuntu-latest
version: stable-v2.24.3
- os: ubuntu-latest
version: default
- os: ubuntu-latest
+4 -4
@@ -49,10 +49,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: ubuntu-latest
@@ -61,6 +57,10 @@ jobs:
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: stable-v2.23.9
- os: ubuntu-latest
version: stable-v2.24.3
- os: ubuntu-latest
version: default
- os: ubuntu-latest
+8 -8
@@ -59,14 +59,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest-xlarge
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: macos-latest-xlarge
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: macos-latest-xlarge
@@ -83,6 +75,14 @@ jobs:
version: stable-v2.22.4
- os: macos-latest-xlarge
version: stable-v2.22.4
- os: ubuntu-latest
version: stable-v2.23.9
- os: macos-latest-xlarge
version: stable-v2.23.9
- os: ubuntu-latest
version: stable-v2.24.3
- os: macos-latest-xlarge
version: stable-v2.24.3
- os: ubuntu-latest
version: default
- os: macos-latest-xlarge
+1 -1
@@ -40,7 +40,7 @@ jobs:
matrix:
include:
- os: ubuntu-latest
version: stable-v2.19.3
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.22.1
- os: ubuntu-latest
+1
@@ -4,6 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
## [UNRELEASED]
- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894)
- Add support for SHA-256 Git object IDs. [#3893](https://github.com/github/codeql-action/pull/3893)
## 4.35.5 - 15 May 2026
-2
@@ -78,8 +78,6 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
| `v3.28.21` | `2.21.3` | Enterprise Server 3.18 | |
| `v3.28.12` | `2.20.7` | Enterprise Server 3.17 | |
| `v3.28.6` | `2.20.3` | Enterprise Server 3.16 | |
| `v3.28.6` | `2.20.3` | Enterprise Server 3.15 | |
| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
+14 -13
@@ -148304,7 +148304,7 @@ function getDiffRangesJsonFilePath() {
return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
}
function getActionVersion() {
return "4.35.6";
return "4.36.0";
}
function getWorkflowEventName() {
return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -153719,7 +153719,7 @@ async function getCombinedTracerConfig(codeql, config) {
// src/codeql.ts
var cachedCodeQL = void 0;
var CODEQL_MINIMUM_VERSION = "2.17.6";
var CODEQL_MINIMUM_VERSION = "2.19.4";
var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
@@ -153846,10 +153846,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (qlconfigFile !== void 0) {
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
}
const overwriteFlag = isSupportedToolsFeature(
await this.getVersion(),
"forceOverwrite" /* ForceOverwrite */
) ? "--force-overwrite" : "--overwrite";
const overlayDatabaseMode = config.overlayDatabaseMode;
if (overlayDatabaseMode === "overlay" /* Overlay */) {
const overlayChangesFile = await writeOverlayChangesFile(
@@ -153870,7 +153866,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
[
"database",
"init",
...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag],
...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"],
"--db-cluster",
config.dbLocation,
`--source-root=${sourceRoot}`,
@@ -153881,7 +153877,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
// Some user configs specify `--no-calculate-baseline` as an additional
// argument to `codeql database init`. Therefore ignore the baseline file
// options here to avoid specifying the same argument twice and erroring.
ignoringOptions: ["--overwrite", ...baselineFilesOptions]
//
// Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if
// the user has configured `--overwrite`.
ignoringOptions: [
"--force-overwrite",
"--overwrite",
...baselineFilesOptions
]
})
],
{ stdin: externalRepositoryToken }
@@ -154046,7 +154049,7 @@ ${output}`
"--sarif-group-rules-by-pack",
"--sarif-include-query-help=always",
"--sublanguage-file-coverage",
...await getJobRunUuidSarifOptions(this),
...await getJobRunUuidSarifOptions(),
...getExtraOptionsFromEnv(["database", "interpret-results"])
];
if (sarifRunPropertyFlag !== void 0) {
@@ -154327,11 +154330,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() {
"-Dmaven.wagon.http.pool=false"
].join(" ");
}
async function getJobRunUuidSarifOptions(codeql) {
async function getJobRunUuidSarifOptions() {
const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */];
return jobRunUuid && await codeql.supportsFeature(
"databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */
) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : [];
return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : [];
}
// src/autobuild.ts
+14 -13
@@ -88509,7 +88509,7 @@ function getDiffRangesJsonFilePath() {
return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
}
function getActionVersion() {
return "4.35.6";
return "4.36.0";
}
function getWorkflowEventName() {
return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -91212,7 +91212,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
// src/codeql.ts
var cachedCodeQL = void 0;
var CODEQL_MINIMUM_VERSION = "2.17.6";
var CODEQL_MINIMUM_VERSION = "2.19.4";
var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
@@ -91339,10 +91339,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (qlconfigFile !== void 0) {
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
}
const overwriteFlag = isSupportedToolsFeature(
await this.getVersion(),
"forceOverwrite" /* ForceOverwrite */
) ? "--force-overwrite" : "--overwrite";
const overlayDatabaseMode = config.overlayDatabaseMode;
if (overlayDatabaseMode === "overlay" /* Overlay */) {
const overlayChangesFile = await writeOverlayChangesFile(
@@ -91363,7 +91359,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
[
"database",
"init",
...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag],
...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"],
"--db-cluster",
config.dbLocation,
`--source-root=${sourceRoot}`,
@@ -91374,7 +91370,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
// Some user configs specify `--no-calculate-baseline` as an additional
// argument to `codeql database init`. Therefore ignore the baseline file
// options here to avoid specifying the same argument twice and erroring.
ignoringOptions: ["--overwrite", ...baselineFilesOptions]
//
// Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if
// the user has configured `--overwrite`.
ignoringOptions: [
"--force-overwrite",
"--overwrite",
...baselineFilesOptions
]
})
],
{ stdin: externalRepositoryToken }
@@ -91539,7 +91542,7 @@ ${output}`
"--sarif-group-rules-by-pack",
"--sarif-include-query-help=always",
"--sublanguage-file-coverage",
...await getJobRunUuidSarifOptions(this),
...await getJobRunUuidSarifOptions(),
...getExtraOptionsFromEnv(["database", "interpret-results"])
];
if (sarifRunPropertyFlag !== void 0) {
@@ -91820,11 +91823,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() {
"-Dmaven.wagon.http.pool=false"
].join(" ");
}
async function getJobRunUuidSarifOptions(codeql) {
async function getJobRunUuidSarifOptions() {
const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */];
return jobRunUuid && await codeql.supportsFeature(
"databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */
) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : [];
return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : [];
}
// src/fingerprints.ts
+2 -2
@@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "4.35.6",
"version": "4.36.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "4.35.6",
"version": "4.36.0",
"license": "MIT",
"workspaces": [
"pr-checks"
+1 -1
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "4.35.6",
"version": "4.36.0",
"private": true,
"description": "CodeQL action",
"scripts": {
+1 -1
@@ -2,7 +2,7 @@ name: "Rust analysis"
description: "Tests creation of a Rust database"
versions:
# experimental rust support introduced, requires action to set `CODEQL_ENABLE_EXPERIMENTAL_FEATURES`
- stable-v2.19.3
- stable-v2.19.4
# first public preview version
- stable-v2.22.1
- linked
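Review bot: The comment above the first `versions` entry still reads "experimental rust support introduced", but the entry is now `stable-v2.19.4`, which is the new minimum rather than (judging by the old `stable-v2.19.3` line) the release where that support first appeared. Rewording it to `# oldest supported version; experimental rust support, requires action to set CODEQL_ENABLE_EXPERIMENTAL_FEATURES` would keep the stated reason for the entry accurate.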
+4 -4
@@ -115,10 +115,6 @@ type LanguageSetups = Partial<Record<BuiltInLanguage, LanguageSetup>>;
// The default set of CodeQL Bundle versions to use for the PR checks.
const defaultTestVersions = [
// The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-v2.17.6",
// The last CodeQL release in the 2.18 series.
"stable-v2.18.4",
// The last CodeQL release in the 2.19 series.
"stable-v2.19.4",
// The last CodeQL release in the 2.20 series.
"stable-v2.20.7",
@@ -126,6 +122,10 @@ const defaultTestVersions = [
"stable-v2.21.4",
// The last CodeQL release in the 2.22 series.
"stable-v2.22.4",
// The last CodeQL release in the 2.23 series.
"stable-v2.23.9",
// The last CodeQL release in the 2.24 series.
"stable-v2.24.3",
// The default version of CodeQL for Dotcom, as determined by feature flags.
"default",
// The version of CodeQL shipped with the Action in `defaults.json`. During the release process
+4 -4
@@ -1072,7 +1072,7 @@ test.serial(
);
test.serial(
"Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS",
"Avoids duplicating --force-overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS",
async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await stubCodeql();
@@ -1080,7 +1080,7 @@ test.serial(
sinon.stub(io, "which").resolves("");
process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
'{ "database": { "init": ["--overwrite"] } }';
'{ "database": { "init": ["--force-overwrite"] } }';
await codeqlObject.databaseInitCluster(
stubConfig,
@@ -1093,9 +1093,9 @@ test.serial(
t.true(runnerConstructorStub.calledOnce);
const args = runnerConstructorStub.firstCall.args[1] as string[];
t.is(
args.filter((option: string) => option === "--overwrite").length,
args.filter((option: string) => option === "--force-overwrite").length,
1,
"--overwrite should only be passed once",
"--force-overwrite should only be passed once",
);
// Clean up
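Review bot: The renamed test only feeds `--force-overwrite` through `CODEQL_ACTION_EXTRA_OPTIONS`, so the case the previous version covered, a user configuring `--overwrite`, is no longer exercised, even though the `codeql.ts` change on this page still lists `--overwrite` in `ignoringOptions` for exactly that reason. A sibling test that sets `'{ "database": { "init": ["--overwrite"] } }'` and asserts `t.false(args.includes("--overwrite"))` together with the existing single `--force-overwrite` count would keep that path from regressing. The test body continues past the end of this hunk.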
+13 -18
@@ -277,7 +277,7 @@ let cachedCodeQL: CodeQL | undefined = undefined;
* The version flags below can be used to conditionally enable certain features
* on versions newer than this.
*/
const CODEQL_MINIMUM_VERSION = "2.17.6";
const CODEQL_MINIMUM_VERSION = "2.19.4";
/**
* This version will shortly become the oldest version of CodeQL that the Action will run with.
@@ -592,13 +592,6 @@ async function getCodeQLForCmd(
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
}
const overwriteFlag = isSupportedToolsFeature(
await this.getVersion(),
ToolsFeature.ForceOverwrite,
)
? "--force-overwrite"
: "--overwrite";
const overlayDatabaseMode = config.overlayDatabaseMode;
if (overlayDatabaseMode === OverlayDatabaseMode.Overlay) {
const overlayChangesFile = await writeOverlayChangesFile(
@@ -625,7 +618,7 @@ async function getCodeQLForCmd(
"init",
...(overlayDatabaseMode === OverlayDatabaseMode.Overlay
? []
: [overwriteFlag]),
: ["--force-overwrite"]),
"--db-cluster",
config.dbLocation,
`--source-root=${sourceRoot}`,
@@ -636,7 +629,14 @@ async function getCodeQLForCmd(
// Some user configs specify `--no-calculate-baseline` as an additional
// argument to `codeql database init`. Therefore ignore the baseline file
// options here to avoid specifying the same argument twice and erroring.
ignoringOptions: ["--overwrite", ...baselineFilesOptions],
//
// Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if
// the user has configured `--overwrite`.
ignoringOptions: [
"--force-overwrite",
"--overwrite",
...baselineFilesOptions,
],
}),
],
{ stdin: externalRepositoryToken },
@@ -853,7 +853,7 @@ async function getCodeQLForCmd(
"--sarif-group-rules-by-pack",
"--sarif-include-query-help=always",
"--sublanguage-file-coverage",
...(await getJobRunUuidSarifOptions(this)),
...(await getJobRunUuidSarifOptions()),
...getExtraOptionsFromEnv(["database", "interpret-results"]),
];
if (sarifRunPropertyFlag !== undefined) {
@@ -1283,13 +1283,8 @@ function applyAutobuildAzurePipelinesTimeoutFix() {
].join(" ");
}
async function getJobRunUuidSarifOptions(codeql: CodeQL) {
async function getJobRunUuidSarifOptions() {
const jobRunUuid = process.env[EnvVar.JOB_RUN_UUID];
return jobRunUuid &&
(await codeql.supportsFeature(
ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty,
))
? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`]
: [];
return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : [];
}
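Review bot: `--force-overwrite` in the `database init` argument list and `--sarif-run-property` in `getJobRunUuidSarifOptions` are now passed without any capability probe, so they are only safe if the minimum-version check has already run. The hunk headers show `getCodeQLForCmd(cmd, checkVersion)`, which suggests that check is optional; if a caller skips it with a CLI older than 2.19.4, the likely result is an unrecognised-option failure instead of the previous fallback to `--overwrite`, which is worth confirming against the callers outside this diff. A comment at the flag would record the dependency: `// Requires CLI >= CODEQL_MINIMUM_VERSION; the version gate replaces the ForceOverwrite feature check`. Separately, `getJobRunUuidSarifOptions` no longer awaits anything, so its `async` and the `await` at the call site could be dropped. `getCodeQLForCmd` starts and ends outside these hunks.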
+3
@@ -26,6 +26,9 @@ const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
/**
* The first version of the CodeQL Bundle that shipped with zstd-compressed bundles.
*
* This is now below the minimum version of CodeQL, but we keep this around because we currently set
* up CodeQL before checking that the version is new enough.
*/
export const CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0";
+7 -3
@@ -6,9 +6,13 @@ import { ToolsFeature, isSupportedToolsFeature } from "./tools-features";
test("isSupportedToolsFeature", async (t) => {
const versionInfo = makeVersionInfo("1.0.0");
t.false(isSupportedToolsFeature(versionInfo, ToolsFeature.ForceOverwrite));
t.false(
isSupportedToolsFeature(versionInfo, ToolsFeature.BundleSupportsOverlay),
);
versionInfo.features = { forceOverwrite: true };
versionInfo.features = { bundleSupportsOverlay: true };
t.true(isSupportedToolsFeature(versionInfo, ToolsFeature.ForceOverwrite));
t.true(
isSupportedToolsFeature(versionInfo, ToolsFeature.BundleSupportsOverlay),
);
});
-2
@@ -6,8 +6,6 @@ export enum ToolsFeature {
BuiltinExtractorsSpecifyDefaultQueries = "builtinExtractorsSpecifyDefaultQueries",
BundleSupportsIncludeOption = "bundleSupportsIncludeOption",
BundleSupportsOverlay = "bundleSupportsOverlay",
DatabaseInterpretResultsSupportsSarifRunProperty = "databaseInterpretResultsSupportsSarifRunProperty",
ForceOverwrite = "forceOverwrite",
IndirectTracingSupportsStaticBinaries = "indirectTracingSupportsStaticBinaries",
SuppressesMissingFileBaselineWarning = "suppressesMissingFileBaselineWarning",
}