Merge branch 'main' into dependabot/npm_and_yarn/npm-61c837125e

2026-05-27 10:01:44 +03:00 · 2024-12-18 16:36:02 -08:00
parent 34cb19c91b 562042d742
commit d8f8eca6c5
20 changed files with 47 additions and 55 deletions
@@ -28,7 +28,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-v2.14.6
+            version: default
    name: 'Go: diagnostic when Go is changed after init step'
    permissions:
      contents: read
@@ -28,7 +28,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-v2.14.6
+            version: default
    name: 'Go: diagnostic when `file` is not installed'
    permissions:
      contents: read
@@ -28,7 +28,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-v2.14.6
+            version: default
    name: 'Go: workaround for indirect tracing'
    permissions:
      contents: read
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.14.6
-          - os: macos-13
-            version: stable-v2.14.6
          - os: ubuntu-latest
            version: stable-v2.15.5
          - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.18.4
          - os: macos-latest
            version: stable-v2.18.4
+          - os: ubuntu-latest
+            version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.19.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.14.6
-          - os: macos-13
-            version: stable-v2.14.6
          - os: ubuntu-latest
            version: stable-v2.15.5
          - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.18.4
          - os: macos-latest
            version: stable-v2.18.4
+          - os: ubuntu-latest
+            version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.19.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.14.6
-          - os: macos-13
-            version: stable-v2.14.6
          - os: ubuntu-latest
            version: stable-v2.15.5
          - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.18.4
          - os: macos-latest
            version: stable-v2.18.4
+          - os: ubuntu-latest
+            version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.19.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: macos-13
-            version: stable-v2.14.6
-          - os: ubuntu-latest
-            version: stable-v2.14.6
          - os: macos-latest
            version: stable-v2.15.5
          - os: ubuntu-latest
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.18.4
          - os: ubuntu-latest
            version: stable-v2.18.4
+          - os: macos-latest
+            version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.19.4
          - os: macos-latest
            version: default
          - os: ubuntu-latest
@@ -88,15 +88,12 @@ jobs:
        id: init
        with:
          db-location: ${{ runner.temp }}/customDbLocation
-      # Swift is not supported on Ubuntu or codeql 2.14 so we manually exclude it from the list here
-          languages: ${{ (runner.os == 'Linux' || (runner.os == 'macOS' && matrix.version
-            == 'stable-v2.14.6')) && 'cpp,csharp,go,java,javascript,python,ruby' ||
-            '' }}
+          languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby'
+            || '' }}
          tools: ${{ steps.prepare-test.outputs.tools-url }}

      - uses: ./../action/.github/actions/setup-swift
-    # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
-        if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+        if: runner.os == 'macOS'
        with:
          codeql-path: ${{ steps.init.outputs.codeql-path }}

@@ -149,8 +146,7 @@ jobs:
          fi

      - name: Check language autodetect for Swift on macOS
-    # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
-        if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+        if: runner.os == 'macOS'
        shell: bash
        run: |
          SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -22,11 +22,11 @@ jobs:
      fail-fast: false
      matrix:
        version:
-        - stable-v2.14.6
        - stable-v2.15.5
        - stable-v2.16.6
        - stable-v2.17.6
        - stable-v2.18.4
+        - stable-v2.19.4
        - default
        - linked
        - nightly-latest
@@ -71,7 +71,7 @@ jobs:
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 default linked nightly-latest"
+          VERSIONS="stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 stable-v2.19.4 default linked nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
@@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

 ## [UNRELEASED]

-No user facing changes.
+- Bump the minimum CodeQL bundle version to 2.15.5. [#2655](https://github.com/github/codeql-action/pull/2655)

 ## 3.27.9 - 12 Dec 2024

@@ -81,9 +81,8 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 | `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
 | `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
 | `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
-| `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | Supports CodeQL Action v3, but did not ship with CodeQL Action v3. For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311)." |

-CodeQL Action v2 will stop receiving updates when GHES 3.11 is deprecated.
+CodeQL Action v2 has stopped receiving updates now that GHES 3.11 is deprecated.

 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).

@@ -75,19 +75,19 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.14.6";
+const CODEQL_MINIMUM_VERSION = "2.15.5";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "3.27.10",
+  "version": "3.28.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "3.27.10",
+  "version": "3.28.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "3.27.10",
+      "version": "3.28.0",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^2.1.9",
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "3.27.10",
+  "version": "3.28.0",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
@@ -3,7 +3,7 @@ description: "Checks that we emit a diagnostic if Go is changed after the init s
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
  - uses: actions/setup-go@v5
    with:
@@ -3,7 +3,7 @@ description: "Checks that we emit a diagnostic if the `file` program is not inst
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
  - uses: actions/setup-go@v5
    with:
@@ -3,7 +3,7 @@ description: "Checks that our workaround for indirect tracing for Go 1.21+ on Li
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
-versions: ["stable-v2.14.6"]
+versions: ["default"]
 steps:
  - uses: actions/setup-go@v5
    with:
@@ -10,13 +10,11 @@ steps:
    id: init
    with:
      db-location: "${{ runner.temp }}/customDbLocation"
-      # Swift is not supported on Ubuntu or codeql 2.14 so we manually exclude it from the list here
-      languages: ${{ (runner.os == 'Linux' || (runner.os == 'macOS' && matrix.version == 'stable-v2.14.6')) && 'cpp,csharp,go,java,javascript,python,ruby' || '' }}
+      languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby' || '' }}
      tools: ${{ steps.prepare-test.outputs.tools-url }}

  - uses: ./../action/.github/actions/setup-swift
-    # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
-    if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+    if: runner.os == 'macOS'
    with:
      codeql-path: ${{ steps.init.outputs.codeql-path }}

@@ -69,8 +67,7 @@ steps:
      fi

  - name: Check language autodetect for Swift on macOS
-    # Exclude macos on v2.14.6 since we can not longer run swift on ARM runners
-    if: runner.os == 'macOS' && matrix.version != 'stable-v2.14.6'
+    if: runner.os == 'macOS'
    shell: bash
    run: |
      SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -9,8 +9,6 @@ import os
 # The default set of CodeQL Bundle versions to use for the PR checks.
 defaultTestVersions = [
    # The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
-    "stable-v2.14.6",
-    # The last CodeQL release in the 2.15 series.
    "stable-v2.15.5",
    # The last CodeQL release in the 2.16 series.
    "stable-v2.16.6",
@@ -18,6 +16,8 @@ defaultTestVersions = [
    "stable-v2.17.6",
    # The last CodeQL release in the 2.18 series.
    "stable-v2.18.4",
+    # The last CodeQL release in the 2.19 series.
+    "stable-v2.19.4",
    # The default version of CodeQL for Dotcom, as determined by feature flags.
    "default",
    # The version of CodeQL shipped with the Action in `defaults.json`. During the release process
@@ -276,22 +276,22 @@ let cachedCodeQL: CodeQL | undefined = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.14.6";
+const CODEQL_MINIMUM_VERSION = "2.15.5";

 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";

 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";

 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";

 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";