diff --git a/.github/actions/check-sarif/action.yml b/.github/actions/check-sarif/action.yml index 89ff9d703..bfa1c3b9d 100644 --- a/.github/actions/check-sarif/action.yml +++ b/.github/actions/check-sarif/action.yml @@ -16,5 +16,5 @@ inputs: Comma separated list of query ids that should NOT be included in this SARIF file. runs: - using: node20 + using: node24 main: index.js diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 96e7f52f6..3b632d8f3 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,4 +1,13 @@ - + ### Risk assessment 
@@ -7,6 +16,44 @@ For internal use only. Please select the risk level of this change: - **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. - **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production. +#### Which use cases does this change impact? + + + +- **Advanced setup** - Impacts users who have custom workflows. +- **Default setup** - Impacts users who use default setup. +- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`). +- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`). +- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`). +- **GHES** - Impacts GitHub Enterprise Server. + +#### How did/will you validate this change? + + + +- **Test repository** - This change will be tested on a test repository before merging. +- **Unit tests** - I am depending on unit test coverage (i.e. tests in `.test.ts` files). +- **End-to-end tests** - I am depending on PR checks (i.e. tests in `pr-checks`). +- **Other** - Please provide details. +- **None** - I am not validating these changes. + +#### If something goes wrong after this change is released, what are the mitigation and rollback strategies? + + + +- **Feature flags** - All new or changed code paths can be fully disabled with corresponding feature flags. +- **Rollback** - Change can only be disabled by rolling back the release or releasing a new version with a fix. +- **Other** - Please provide details. + +#### How will you know if something goes wrong after this change is released? + + + +- **Telemetry** - I rely on existing telemetry or have made changes to the telemetry. + - **Dashboards** - I will watch relevant dashboards for issues after the release. 
Consider whether this requires this change to be released at a particular time rather than as part of a regular release. + - **Alerts** - New or existing monitors will trip if something goes wrong with this change. +- **Other** - Please provide details. + ### Merge / deployment checklist - Confirm this change is backwards compatible with existing workflows. diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml deleted file mode 100644 index 9e1dceafc..000000000 --- a/.github/workflows/__upload-quality-sarif.yml +++ /dev/null 
@@ -1,95 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pr-checks/sync.sh -# to regenerate this file. - -name: 'PR Check - Upload-sarif: code quality endpoint' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - releases/v* - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - schedule: - - cron: '0 5 * * *' - workflow_dispatch: - inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' - workflow_call: - inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' -defaults: - run: - shell: bash -concurrency: - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - group: ${{ github.workflow }}-${{ github.ref }} -jobs: - upload-quality-sarif: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - version: default - name: 'Upload-sarif: code quality endpoint' - if: github.triggering_actor != 'dependabot[bot]' - permissions: - contents: read - security-events: read - timeout-minutes: 45 - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v5 - - name: Prepare test - id: prepare-test - uses: ./.github/actions/prepare-test - with: - version: ${{ matrix.version }} - use-all-platform-bundle: 'false' - setup-kotlin: 'true' - - name: Install Go - uses: actions/setup-go@v6 - with: - go-version: ${{ inputs.go-version || '>=1.21.0' }} - cache: false - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: csharp,java,javascript,python - analysis-kinds: code-quality - - name: Build code - run: ./build.sh - # Generate some SARIF we can upload with the upload-sarif step - - uses: ./../action/analyze - with: - ref: refs/heads/main - sha: 
5e235361806c361d4d3f8859e3c897658025a9a2 - upload: never - - uses: ./../action/upload-sarif - id: upload-sarif - with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - - name: Check output from `upload-sarif` step - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' - run: exit 1 - env: - CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml new file mode 100644 index 000000000..91a1af5e0 --- /dev/null +++ b/.github/workflows/__upload-sarif.yml 
@@ -0,0 +1,158 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pr-checks/sync.sh +# to regenerate this file. + +name: PR Check - Test different uses of `upload-sarif` +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' +defaults: + run: + shell: bash +concurrency: + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + upload-sarif: + strategy: + fail-fast: false + matrix: + include: + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning + - os: ubuntu-latest + version: default + analysis-kinds: code-quality + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning,code-quality + name: Test different uses of `upload-sarif` + if: github.triggering_actor != 'dependabot[bot]' + permissions: + contents: read + security-events: read + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v5 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + setup-kotlin: 'true' + - name: Install Go + uses: actions/setup-go@v6 + with: + go-version: ${{ inputs.go-version || '>=1.21.0' }} + cache: false + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: csharp,java,javascript,python + analysis-kinds: ${{ 
matrix.analysis-kinds }} + - name: Build code + run: ./build.sh + # Generate some SARIF we can upload with the upload-sarif step + - uses: ./../action/analyze + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + upload: never + output: ${{ runner.temp }}/results + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif + id: upload-sarif + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ + - name: Fail for missing output from `upload-sarif` step for `code-scanning` + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Fail for missing output from `upload-sarif` step for `code-quality` + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) + run: exit 1 + + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-scanning + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ + - name: Fail for missing output from `upload-single-sarif-code-scanning` step + if: contains(matrix.analysis-kinds, 'code-scanning') && + !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Upload single SARIF file for Code Quality + uses: ./../action/upload-sarif + id: upload-single-sarif-code-quality + 
if: contains(matrix.analysis-kinds, 'code-quality') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ + - name: Fail for missing output from `upload-single-sarif-code-quality` step + if: contains(matrix.analysis-kinds, 'code-quality') && + !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) + run: exit 1 + + - name: Change SARIF file extension + if: contains(matrix.analysis-kinds, 'code-scanning') + run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json + - name: Upload single non-`.sarif` file + uses: ./../action/upload-sarif + id: upload-single-non-sarif + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ + - name: Fail for missing output from `upload-single-non-sarif` step + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + env: + CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index e12c9846a..e706b5d39 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml 
@@ -103,29 +103,30 @@ jobs: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi env: diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index c6dc41f29..0c6213e9e 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -58,7 +58,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de8..376730e38 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml 
@@ -20,6 +20,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] + node-version: [20, 24] permissions: contents: read security-events: write # needed to upload ESLint results @@ -36,7 +37,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: ${{ matrix.node-version }} cache: 'npm' - name: Set up Python @@ -73,7 +74,7 @@ jobs: - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif category: eslint diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index aabcc144b..fa89d2d93 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -34,7 +34,7 @@ jobs: - name: Install Node.js uses: actions/setup-node@v5 with: - node-version: 20.x + node-version: 24 cache: npm - name: Install dependencies diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index e64135d84..6705d7d14 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b0da85e3..37bca4058 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.6 - 02 Oct 2025 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 493ae847c..13614cb01 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
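Review bot: In `.github/workflows/pr-checks.yml`, the third hunk gates the `Upload sarif` step on the literal `matrix.node-version == 24`, which ties the ESLint SARIF upload to the exact spelling of one matrix entry added in the first hunk. If that entry is later written as `'24.x'` or replaced by a newer major, the condition stops matching, the step is skipped without failing the job, and ESLint results quietly stop reaching code scanning. A comment next to the matrix entry, for example `# keep in sync with the 'Upload sarif' condition below`, would flag the coupling; alternatively the job could carry an explicit matrix flag for the leg that uploads. The job body continues outside these hunks, so any other consumer of `matrix.node-version` is not visible here.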
@@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c ## Development and Testing -Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. +Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. ### Common tasks diff --git a/README.md b/README.md index c5b8eab81..d4e5320b3 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 (latest) +- v4 (latest) +- v3 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server diff --git a/analyze/action.yml b/analyze/action.yml index b7880be17..7fc118b15 100644 --- a/analyze/action.yml +++ b/analyze/action.yml @@ -92,6 +92,6 @@ outputs: sarif-id: description: The ID of the uploaded SARIF file. runs: - using: node20 + using: node24 main: "../lib/analyze-action.js" post: "../lib/analyze-action-post.js" diff --git a/autobuild/action.yml b/autobuild/action.yml index 80d8c1c31..c820fb5af 100644 --- a/autobuild/action.yml +++ b/autobuild/action.yml @@ -15,5 +15,5 @@ inputs: $GITHUB_WORKSPACE as its working directory. required: false runs: - using: node20 + using: node24 main: '../lib/autobuild-action.js' diff --git a/init/action.yml b/init/action.yml index ba5d6efcc..57d5a9940 100644 --- a/init/action.yml +++ b/init/action.yml @@ -165,6 +165,6 @@ outputs: codeql-version: description: The version of the CodeQL binary used for analysis runs: - using: node20 + using: node24 main: '../lib/init-action.js' post: '../lib/init-action-post.js' diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 955d69185..983b67d68 100644 
--- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 2b79889f0..559095bb9 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -95575,12 +95575,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path18.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -95591,7 +95591,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -95825,7 +95825,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 74dee6cb8..8ffe26946 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { 
@@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 865a932b8..7bb815261 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", 
@@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -133051,12 +133051,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path17.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -133067,7 +133067,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -133301,7 +133301,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/init-action.js b/lib/init-action.js index 4484568a4..2c7de3d12 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 84807b350..17ff683ca 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 018efc97f..d69dbbf58 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js 
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index f262402cf..2bc794853 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44974,7 +44974,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -45029,7 +45029,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -45040,7 +45040,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -45053,7 +45053,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 7d3d294d4..6aa122aca 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -33639,7 +33639,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -33650,7 +33650,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -33663,7 +33663,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -92410,12 +92410,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path14.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -92426,7 +92426,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -92708,7 +92708,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 3eff41a55..48a864733 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 23c046616..7579272b8 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -93082,12 +93082,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path15.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -93098,7 +93098,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -93349,7 +93349,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/package-lock.json b/package-lock.json index 911e99ad4..15b6cb949 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.7", + "version": "4.30.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.7", + "version": "4.30.7", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", @@ -40,7 +40,7 @@ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -51,7 +51,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -64,7 +64,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -1346,9 +1346,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.36.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz", - "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==", + "version": "9.37.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz", + "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==", "dev": true, "license": "MIT", "engines": { 
@@ -2712,17 +2712,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.1.tgz", - "integrity": "sha512-molgphGqOBT7t4YKCSkbasmu1tb1MgrZ2szGzHbclF7PNmOkSTQVHy+2jXOSnxvR3+Xe1yySHFZoqMpz3TfQsw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.45.0.tgz", + "integrity": "sha512-HC3y9CVuevvWCl/oyZuI47dOeDF9ztdMEfMH8/DW/Mhwa9cCLnK1oD7JoTVGW/u7kFzNZUKUoyJEqkaJh5y3Wg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/type-utils": "8.44.1", - "@typescript-eslint/utils": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/type-utils": "8.45.0", + "@typescript-eslint/utils": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", 
@@ -2736,20 +2736,20 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.44.1", + "@typescript-eslint/parser": "^8.45.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2760,9 +2760,9 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { 
@@ -2774,16 +2774,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -2803,16 +2803,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.45.0.tgz", + "integrity": "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2827,13 +2827,13 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { 
@@ -2906,16 +2906,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.1.tgz", - "integrity": "sha512-EHrrEsyhOhxYt8MTg4zTF+DJMuNBzWwgvvOYNj/zm1vnaD/IC5zCXFehZv94Piqa2cRFfXrTFxIvO95L7Qc/cw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.45.0.tgz", + "integrity": "sha512-TGf22kon8KW+DeKaUmOibKWktRY8b2NSAZNdtWh798COm1NWx8+xJ6iFBtk3IvLdv6+LGLJLRlyhrhEDZWargQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4" }, "engines": { @@ -2931,14 +2931,14 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" 
@@ -2949,9 +2949,9 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -2963,16 +2963,16 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -2992,13 +2992,13 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -3062,14 +3062,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.1.tgz", - "integrity": "sha512-ycSa60eGg8GWAkVsKV4E6Nz33h+HjTXbsDT4FILyL8Obk5/mx4tbvCNsLf9zret3ipSumAOG89UcCs/KRaKYrA==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.45.0.tgz", + "integrity": "sha512-3pcVHwMG/iA8afdGLMuTibGR7pDsn9RjDev6CCB+naRsSYs2pns5QbinF4Xqw6YC/Sj3lMrm/Im0eMfaa61WUg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.44.1", - "@typescript-eslint/types": "^8.44.1", + "@typescript-eslint/tsconfig-utils": "^8.45.0", + "@typescript-eslint/types": "^8.45.0", "debug": "^4.3.4" }, "engines": { 
@@ -3084,9 +3084,9 @@ } }, "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -3116,9 +3116,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.1.tgz", - "integrity": "sha512-B5OyACouEjuIvof3o86lRMvyDsFwZm+4fBOqFHccIctYgBjqR3qT39FBYGN87khcgf0ExpdCBeGKpKRhSFTjKQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.45.0.tgz", + "integrity": "sha512-aFdr+c37sc+jqNMGhH+ajxPXwjv9UtFZk79k8pLoJ6p4y0snmYpPA52GuWHgt2ZF4gRRW6odsEj41uZLojDt5w==", "dev": true, "license": "MIT", "engines": { 
@@ -3133,15 +3133,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.1.tgz", - "integrity": "sha512-KdEerZqHWXsRNKjF9NYswNISnFzXfXNDfPxoTh7tqohU/PRIbwTmsjGK6V9/RTYWau7NZvfo52lgVk+sJh0K3g==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.45.0.tgz", + "integrity": "sha512-bpjepLlHceKgyMEPglAeULX1vixJDgaKocp0RVJ5u4wLJIMNuKtUXIczpJCPcn2waII0yuvks/5m5/h3ZQKs0A==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/utils": "8.44.1", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0", + "@typescript-eslint/utils": "8.45.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -3158,14 +3158,14 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" 
@@ -3176,9 +3176,9 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -3190,16 +3190,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -3219,16 +3219,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.45.0.tgz", + "integrity": "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -3243,13 +3243,13 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { 
@@ -9043,9 +9043,9 @@ } }, "node_modules/typescript": { - "version": "5.9.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz", - "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==", + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", "bin": { diff --git a/package.json b/package.json index 32b427bb4..0a47c15db 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.7", + "version": "4.30.7", "private": true, "description": "CodeQL action", "scripts": { @@ -55,7 +55,7 @@ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -66,7 +66,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -79,7 +79,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" }, "overrides": { "@actions/tool-cache": { diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml deleted file mode 100644 index 1d4dd9d28..000000000 --- a/pr-checks/checks/upload-quality-sarif.yml +++ /dev/null 
@@ -1,26 +0,0 @@
-name: "Upload-sarif: code quality endpoint"
-description: "Checks that uploading SARIFs to the code quality endpoint works"
-versions: ["default"]
-installGo: true
-steps:
- - uses: ./../action/init
- with:
- tools: ${{ steps.prepare-test.outputs.tools-url }}
- languages: csharp,java,javascript,python
- analysis-kinds: code-quality
- - name: Build code
- run: ./build.sh
- # Generate some SARIF we can upload with the upload-sarif step
- - uses: ./../action/analyze
- with:
- ref: 'refs/heads/main'
- sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
- upload: never
- - uses: ./../action/upload-sarif
- id: upload-sarif
- with:
- ref: 'refs/heads/main'
- sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
- - name: "Check output from `upload-sarif` step"
- if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)'
- run: exit 1
diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml
new file mode 100644
index 000000000..1801a2740
--- /dev/null
+++ b/pr-checks/checks/upload-sarif.yml
@@ -0,0 +1,81 @@
+name: "Test different uses of `upload-sarif`"
+description: "Checks that uploading SARIFs to the code quality endpoint works"
+versions: ["default"]
+analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
+installGo: true
+steps:
+ - uses: ./../action/init
+ with:
+ tools: ${{ steps.prepare-test.outputs.tools-url }}
+ languages: csharp,java,javascript,python
+ analysis-kinds: ${{ matrix.analysis-kinds }}
+ - name: Build code
+ run: ./build.sh
+ # Generate some SARIF we can upload with the upload-sarif step
+ - uses: ./../action/analyze
+ with:
+ ref: 'refs/heads/main'
+ sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+ upload: never
+ output: ${{ runner.temp }}/results
+
+ - name: |
+ Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}`
+ uses: ./../action/upload-sarif
+ id: upload-sarif
+ with:
+ ref: 'refs/heads/main'
+ sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+ sarif_file: ${{ runner.temp }}/results
+ category: |
+ ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
+ - name: "Fail for missing output from `upload-sarif` step for `code-scanning`"
+ if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)"
+ run: exit 1
+ - name: "Fail for missing output from `upload-sarif` step for `code-quality`"
+ if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)"
+ run: exit 1
+
+ - name: Upload single SARIF file for Code Scanning
+ uses: ./../action/upload-sarif
+ id: upload-single-sarif-code-scanning
+ if: "contains(matrix.analysis-kinds, 'code-scanning')"
+ with:
+ ref: 'refs/heads/main'
+ sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+ sarif_file: ${{ runner.temp }}/results/javascript.sarif
+ category: |
+ ${{ github.workflow }}:upload-sarif/analysis-kinds:${{
matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
+ - name: "Fail for missing output from `upload-single-sarif-code-scanning` step"
+ if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)"
+ run: exit 1
+ - name: Upload single SARIF file for Code Quality
+ uses: ./../action/upload-sarif
+ id: upload-single-sarif-code-quality
+ if: "contains(matrix.analysis-kinds, 'code-quality')"
+ with:
+ ref: 'refs/heads/main'
+ sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+ sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
+ category: |
+ ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
+ - name: "Fail for missing output from `upload-single-sarif-code-quality` step"
+ if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)"
+ run: exit 1
+
+ - name: Change SARIF file extension
+ if: "contains(matrix.analysis-kinds, 'code-scanning')"
+ run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
+ - name: Upload single non-`.sarif` file
+ uses: ./../action/upload-sarif
+ id: upload-single-non-sarif
+ if: "contains(matrix.analysis-kinds, 'code-scanning')"
+ with:
+ ref: 'refs/heads/main'
+ sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+ sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
+ category: |
+ ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
+ - name: "Fail for missing output from `upload-single-non-sarif` step"
+ if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)"
+ run: exit 1
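Review bot: The `Change SARIF file extension` step splices `${{ runner.temp }}` directly into the `run:` script and leaves both `mv` operands unquoted, so the command only works while the runner's temp path contains no spaces or shell metacharacters. Assuming these steps run under bash, as the script in `with-checkout-path.yml` does, reading the path from the environment keeps expression text out of the shell source: `run: mv "$RUNNER_TEMP/results/javascript.sarif" "$RUNNER_TEMP/results/javascript.sarif.json"`. Separately, `description:` was carried over from the deleted check and still names only the code quality endpoint, although the matrix now also covers `code-scanning`; wording such as `description: "Checks that upload-sarif works for each analysis kind"` would match what the steps test.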
diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 641dcf220..d0662be01 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -37,28 +37,29 @@ steps: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi diff --git a/resolve-environment/action.yml b/resolve-environment/action.yml index 188e5fd17..0734fcfa4 100644 --- a/resolve-environment/action.yml +++ b/resolve-environment/action.yml @@ -21,5 +21,5 @@ outputs: environment: description: The inferred build environment configuration. runs: - using: node20 + using: node24 main: '../lib/resolve-environment-action.js' 
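Review bot: The new `PAYLOAD_FILE` assignment hard-codes `payload-code-scanning.json`, and nothing checks that the file exists before the three `jq` reads. If the test-mode file name changes again, the failure surfaces either as a bare `cat` error or, when the shell runs without `pipefail`, as a misleading "Invalid commit oid" comparison against an empty string. A guard right after the assignment would make the cause explicit: `[[ -f "$PAYLOAD_FILE" ]] || { echo "::error::Missing $PAYLOAD_FILE"; exit 1; }`. The failure branches also `echo "$PAYLOAD_FILE"`, which prints only the path; if the payload contents were meant to be shown for debugging, that would need `cat "$PAYLOAD_FILE"`. The step's script may continue past the end of this hunk.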
diff --git a/src/autobuild.ts b/src/autobuild.ts index 1812e3501..ce3d45cc4 100644 --- a/src/autobuild.ts +++ b/src/autobuild.ts @@ -52,11 +52,11 @@ export async function determineAutobuildLanguages( * For example, consider a user with the following workflow file: * * ```yml - * - uses: github/codeql-action/init@v3 + * - uses: github/codeql-action/init@v4 * with: * languages: go, java - * - uses: github/codeql-action/autobuild@v3 - * - uses: github/codeql-action/analyze@v3 + * - uses: github/codeql-action/autobuild@v4 + * - uses: github/codeql-action/analyze@v4 * ``` * * - With Go extraction disabled, we will run the Java autobuilder in the diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 72a828a33..1c1cbcb68 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -84,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off" }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -108,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, 
@@ -135,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -192,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) { }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", upload: uploadInput, @@ -227,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "/language:${{ matrix.language }}", }, @@ -254,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { upload: "${{ matrix.language != 'csharp' }}", }, diff --git a/src/upload-lib.ts b/src/upload-lib.ts index cfa362b67..2559cd7ad 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts 
@@ -352,7 +352,7 @@ async function uploadPayload( payload: any, repositoryNwo: RepositoryNwo, logger: Logger, - target: analyses.SARIF_UPLOAD_ENDPOINT, + analysis: analyses.AnalysisConfig, ): Promise { logger.info("Uploading results"); @@ -360,7 +360,7 @@ async function uploadPayload( if (util.isInTestMode()) { const payloadSaveFile = path.join( actionsUtil.getTemporaryDirectory(), - "payload.json", + `payload-${analysis.kind}.json`, ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`, @@ -373,7 +373,7 @@ async function uploadPayload( const client = api.getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload, @@ -807,7 +807,7 @@ export async function uploadSpecifiedFiles( payload, getRepositoryNwo(), logger, - uploadTarget.target, + uploadTarget, ); logger.endGroup(); diff --git a/src/workflow.test.ts b/src/workflow.test.ts index 9af81459e..e922d8079 100644 --- a/src/workflow.test.ts +++ b/src/workflow.test.ts @@ -395,9 +395,9 @@ async function testLanguageAliases( }, }, steps: [ - { uses: "actions/checkout@v3" }, - { uses: "github/codeql-action/init@v3" }, - { uses: "github/codeql-action/analyze@v3" }, + { uses: "actions/checkout@v4" }, + { uses: "github/codeql-action/init@v4" }, + { uses: "github/codeql-action/analyze@v4" }, ], }, }, @@ -666,7 +666,7 @@ test("getWorkflowErrors() should report a warning if different versions of the C analyze: steps: - uses: github/codeql-action/init@v2 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); 
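Review bot: The test-mode file name `payload-${analysis.kind}.json` in the `@@ -360` hunk is now an undocumented contract with the PR checks. `pr-checks/checks/with-checkout-path.yml` in this same commit hard-codes `payload-code-scanning.json`, so renaming a `kind` value would break that check with nothing here pointing to it. A comment above the `path.join` call would record the coupling, for example `// Named per analysis kind; pr-checks read payload-<kind>.json from the temp directory.` In the `@@ -807` hunk the argument is still a local called `uploadTarget` while the parameter is now `analysis`; its declaration is outside the hunk, but aligning the two names would make the call easier to read. The body of `uploadPayload` starts and ends outside these hunks.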
@@ -686,8 +686,8 @@ test("getWorkflowErrors() should not report a warning if the same versions of th jobs: analyze: steps: - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -706,7 +706,7 @@ test("getWorkflowErrors() should not report a warning involving versions of othe analyze: steps: - uses: actions/checkout@v5 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -723,9 +723,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category `) as Workflow, @@ -745,9 +745,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, "analysis", {}, 
@@ -765,19 +765,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs", foo: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build foo - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: foo-category bar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build bar - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: bar-category `) as Workflow, @@ -800,11 +800,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix", matrix: language: [javascript, python] steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 with: language: \${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: "/language:\${{ matrix.language }}" `) as Workflow, @@ -824,9 +824,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category", jobs: analysis: steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: "\${{ github.workflow }}" `) as Workflow, 
@@ -851,12 +851,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: another-category `) as Workflow, diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 17fc3bbe6..275841d9a 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -29,6 +29,6 @@ outputs: proxy_urls: description: A stringified JSON array of objects containing the types and URLs of the configured registries. runs: - using: node20 + using: node24 main: "../lib/start-proxy-action.js" post: "../lib/start-proxy-action-post.js" diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml index cd61886c6..2827891b2 100644 --- a/upload-sarif/action.yml +++ b/upload-sarif/action.yml @@ -41,6 +41,6 @@ outputs: { "code-scanning": "some-id", "code-quality": "some-other-id" } runs: - using: node20 + using: node24 main: '../lib/upload-sarif-action.js' post: '../lib/upload-sarif-action-post.js'