From dd8914320f183a2820ffe1a91b9fc453164493e6 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 3 Dec 2025 09:15:15 +0100 Subject: [PATCH 1/9] CodeQL: Add resolveDatabase method --- lib/analyze-action-post.js | 17 +++++++++++++++++ lib/analyze-action.js | 17 +++++++++++++++++ lib/autobuild-action.js | 17 +++++++++++++++++ lib/init-action-post.js | 17 +++++++++++++++++ lib/init-action.js | 17 +++++++++++++++++ lib/resolve-environment-action.js | 17 +++++++++++++++++ lib/setup-codeql-action.js | 17 +++++++++++++++++ lib/upload-lib.js | 17 +++++++++++++++++ lib/upload-sarif-action.js | 17 +++++++++++++++++ src/codeql.ts | 26 ++++++++++++++++++++++++++ 10 files changed, 179 insertions(+) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index b4ee3c8d5..4b90e5a46 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120735,6 +120735,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1ba7f39e9..e05bbd8c8 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -90887,6 +90887,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 10b30f64d..20325380c 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -84973,6 +84973,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index b6a4215af..99780c415 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -125350,6 +125350,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/init-action.js b/lib/init-action.js index 8f5b7f887..939cab918 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -89147,6 +89147,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 6e159d31a..ffaf4d162 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -84672,6 +84672,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 74b84a122..4f9d6af4f 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -85975,6 +85975,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 4f3f1fa46..aacb1837d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88697,6 +88697,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ba2c9118c..5908e956e 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -89215,6 +89215,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/src/codeql.ts b/src/codeql.ts index 2b86d843f..f59793193 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -206,6 +206,7 @@ export interface CodeQL { * Run 'codeql resolve queries --format=startingpacks'. */ resolveQueriesStartingPacks(queries: string[]): Promise; + resolveDatabase(databasePath: string): Promise; /** * Run 'codeql github merge-results'. */ @@ -230,6 +231,10 @@ export interface VersionInfo { overlayVersion?: number; } +export interface ResolveDatabaseOutput { + [key: string]: string | [string]; +} + export interface ResolveLanguagesOutput { [language: string]: [string]; } @@ -493,6 +498,7 @@ export function createStubCodeQL(partialCodeql: Partial): CodeQL { partialCodeql, "resolveQueriesStartingPacks", ), + resolveDatabase: resolveFunction(partialCodeql, "resolveDatabase"), mergeResults: resolveFunction(partialCodeql, "mergeResults"), }; } @@ -1003,6 +1009,26 @@ async function getCodeQLForCmd( ); } }, + async resolveDatabase( + databasePath: string, + ): Promise { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]), + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + + try { + return JSON.parse(output) as ResolveDatabaseOutput; + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}`, + ); + } + }, async mergeResults( sarifFiles: string[], outputFile: string, From c4efbda2999d6895931c401bf16d97750bd3650e Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 3 Dec 2025 09:16:45 +0100 Subject: [PATCH 2/9] Overlay: Check database metadata for overlayBaseSpecifier --- lib/analyze-action.js | 22 +++++++++++++-- lib/init-action.js | 22 +++++++++++++-- src/overlay-database-utils.test.ts | 44 ++++++++++++++++++++++++++++-- src/overlay-database-utils.ts | 35 +++++++++++++++++++++--- 4 files changed, 112 insertions(+), 11 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index e05bbd8c8..c4d488ab8 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88512,7 +88512,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { var CACHE_VERSION = 1; var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { +async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( @@ -88520,6 +88520,23 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { ); return false; } + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if (resolveDatabaseOutput === void 0 || !("overlayBaseSpecifier" in resolveDatabaseOutput)) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } return true; } async function cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger) { @@ -88542,7 +88559,8 @@ async function cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger ); return false; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Abort uploading overlay-base database to cache" diff --git a/lib/init-action.js b/lib/init-action.js index 939cab918..0af2f67e8 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -85914,7 +85914,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { var CACHE_VERSION = 1; var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { +async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( @@ -85922,6 +85922,23 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { ); return false; } + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if (resolveDatabaseOutput === void 0 || !("overlayBaseSpecifier" in resolveDatabaseOutput)) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } return true; } async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { @@ -86009,7 +86026,8 @@ async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { ); return void 0; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Downloaded overlay-base database is invalid" diff --git a/src/overlay-database-utils.test.ts b/src/overlay-database-utils.test.ts index cee0d45f1..db47d4d87 100644 --- a/src/overlay-database-utils.test.ts +++ b/src/overlay-database-utils.test.ts @@ -7,7 +7,9 @@ import * as sinon from "sinon"; import * as actionsUtil from "./actions-util"; import * as apiClient from "./api-client"; +import { ResolveDatabaseOutput } from "./codeql"; import * as gitUtils from "./git-utils"; +import { KnownLanguage } from "./languages"; import { getRunnerLogger } from "./logging"; import { downloadOverlayBaseDatabaseFromCache, @@ -95,6 +97,7 @@ interface DownloadOverlayBaseDatabaseTestCase { hasBaseDatabaseOidsFile: boolean; tryGetFolderBytesSucceeds: boolean; codeQLVersion: string; + resolveDatabaseOutput: ResolveDatabaseOutput | Error; } const defaultDownloadTestCase: DownloadOverlayBaseDatabaseTestCase = { @@ -105,6 +108,7 @@ const defaultDownloadTestCase: DownloadOverlayBaseDatabaseTestCase = { hasBaseDatabaseOidsFile: true, tryGetFolderBytesSucceeds: true, codeQLVersion: "2.20.5", + resolveDatabaseOutput: { overlayBaseSpecifier: "20250626:XXX" }, }; const testDownloadOverlayBaseDatabaseFromCache = test.macro({ @@ -119,9 +123,11 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ await fs.promises.mkdir(dbLocation, { recursive: true }); const logger = getRunnerLogger(true); - const config = createTestConfig({ dbLocation }); - const testCase = { ...defaultDownloadTestCase, ...partialTestCase }; + const config = createTestConfig({ + dbLocation, + languages: [KnownLanguage.java], + }); config.overlayDatabaseMode = testCase.overlayDatabaseMode; config.useOverlayDatabaseCaching = testCase.useOverlayDatabaseCaching; @@ -163,9 +169,23 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ .resolves(testCase.tryGetFolderBytesSucceeds ? 1024 * 1024 : undefined); stubs.push(tryGetFolderBytesStub); + const codeql = mockCodeQLVersion(testCase.codeQLVersion); + + if (testCase.resolveDatabaseOutput instanceof Error) { + const resolveDatabaseStub = sinon + .stub(codeql, "resolveDatabase") + .rejects(testCase.resolveDatabaseOutput); + stubs.push(resolveDatabaseStub); + } else { + const resolveDatabaseStub = sinon + .stub(codeql, "resolveDatabase") + .resolves(testCase.resolveDatabaseOutput); + stubs.push(resolveDatabaseStub); + } + try { const result = await downloadOverlayBaseDatabaseFromCache( - mockCodeQLVersion(testCase.codeQLVersion), + codeql, config, logger, ); @@ -255,6 +275,24 @@ test( false, ); +test( + testDownloadOverlayBaseDatabaseFromCache, + "returns undefined when downloaded database doesn't have an overlayBaseSpecifier", + { + resolveDatabaseOutput: {}, + }, + false, +); + +test( + testDownloadOverlayBaseDatabaseFromCache, + "returns undefined when resolving database metadata fails", + { + resolveDatabaseOutput: new Error("Failed to resolve database metadata"), + }, + false, +); + test( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when filesystem error occurs", diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index a340bfe2b..7db248bd1 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts @@ -17,6 +17,7 @@ import { getCommitOid, getFileOidsUnderPath } from "./git-utils"; import { Logger, withGroupAsync } from "./logging"; import { CleanupLevel, + getCodeQLDatabasePath, getErrorMessage, isInTestMode, tryGetFolderBytes, @@ -176,11 +177,12 @@ const MAX_CACHE_OPERATION_MS = 600_000; * @param warningPrefix Prefix for the check failure warning message * @returns True if the verification succeeded, false otherwise */ -function checkOverlayBaseDatabase( +async function checkOverlayBaseDatabase( + codeql: CodeQL, config: Config, logger: Logger, warningPrefix: string, -): boolean { +): Promise { // An overlay-base database should contain the base database OIDs file. const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs.existsSync(baseDatabaseOidsFilePath)) { @@ -189,6 +191,29 @@ function checkOverlayBaseDatabase( ); return false; } + + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if ( + resolveDatabaseOutput === undefined || + !("overlayBaseSpecifier" in resolveDatabaseOutput) + ) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ` + + `${resolveDatabaseOutput.overlayBaseSpecifier}`, + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } + return true; } @@ -232,7 +257,8 @@ export async function cleanupAndUploadOverlayBaseDatabaseToCache( return false; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Abort uploading overlay-base database to cache", @@ -415,7 +441,8 @@ export async function downloadOverlayBaseDatabaseFromCache( return undefined; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Downloaded overlay-base database is invalid", From 5b7e7fcc9c5a25e1129581e9733c0f6fb5078a71 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 Dec 2025 09:41:33 +0100 Subject: [PATCH 3/9] Update src/codeql.ts Co-authored-by: Henry Mercer --- src/codeql.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/codeql.ts b/src/codeql.ts index f59793193..33dd0db98 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -232,7 +232,7 @@ export interface VersionInfo { } export interface ResolveDatabaseOutput { - [key: string]: string | [string]; + overlayBaseSpecifier?: string; } export interface ResolveLanguagesOutput { From 002a7f25fdbaa5bc68ab7b87a336015eebea0b1f Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 Dec 2025 09:44:56 +0100 Subject: [PATCH 4/9] Overlay: log overlayBaseSpecifier at debug log-level --- lib/analyze-action.js | 2 +- lib/init-action.js | 2 +- src/overlay-database-utils.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c4d488ab8..070787928 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88528,7 +88528,7 @@ async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` ); } diff --git a/lib/init-action.js b/lib/init-action.js index 0af2f67e8..e74d27c82 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -85930,7 +85930,7 @@ async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` ); } diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index 7db248bd1..921fd0b8e 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts @@ -203,7 +203,7 @@ async function checkOverlayBaseDatabase( logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ` + `${resolveDatabaseOutput.overlayBaseSpecifier}`, ); From 2930dba17ac868bf1d3114f09837dbfb9619aa05 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 15:46:14 +0000 Subject: [PATCH 5/9] Update default bundle to codeql-bundle-v2.23.8 --- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/defaults.json | 8 ++++---- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- src/defaults.json | 8 ++++---- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 48520792c..7ba381fc2 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88211,8 +88211,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index c7b2d5909..36f094bde 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83701,8 +83701,8 @@ var path3 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs2 = __toESM(require("fs")); diff --git a/lib/defaults.json b/lib/defaults.json index 04929fab3..6f3dc42bf 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.7", - "cliVersion": "2.23.7", - "priorBundleVersion": "codeql-bundle-v2.23.6", - "priorCliVersion": "2.23.6" + "bundleVersion": "codeql-bundle-v2.23.8", + "cliVersion": "2.23.8", + "priorBundleVersion": "codeql-bundle-v2.23.7", + "priorCliVersion": "2.23.7" } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 6699c08ca..04c9c69fe 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123084,8 +123084,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/init-action.js b/lib/init-action.js index 77524b00a..d1beb6611 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -85635,8 +85635,8 @@ var path5 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 4b4c28abc..49ab3bf48 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83589,8 +83589,8 @@ var path4 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 16f308b6a..e70a7412b 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -99720,8 +99720,8 @@ function getActionsLogger() { var core7 = __toESM(require_core()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/languages.ts var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 3ee72bb5c..245288bc2 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -86724,8 +86724,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 2efce8797..fd314e6ac 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86505,8 +86505,8 @@ var path4 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/src/defaults.json b/src/defaults.json index 04929fab3..6f3dc42bf 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.7", - "cliVersion": "2.23.7", - "priorBundleVersion": "codeql-bundle-v2.23.6", - "priorCliVersion": "2.23.6" + "bundleVersion": "codeql-bundle-v2.23.8", + "cliVersion": "2.23.8", + "priorBundleVersion": "codeql-bundle-v2.23.7", + "priorCliVersion": "2.23.7" } From db812c1ae639aa466b2b1f4a921f823c54371173 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 15:46:24 +0000 Subject: [PATCH 6/9] Add changelog note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 253485dd4..0589f45cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) ## 4.31.7 - 05 Dec 2025 From 120f277b1613fcef1261eb850ba9b01ca444bbef Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 17:23:34 +0000 Subject: [PATCH 7/9] Update changelog for v4.31.8 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0589f45cd..f91b413d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) From 4564f5e4828c94447124ef0fdfa2e0054c68d041 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 12 Dec 2025 08:44:31 +0000 Subject: [PATCH 8/9] Update changelog and version after v4.31.8 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f91b413d6..275aefde4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) diff --git a/package-lock.json b/package-lock.json index 3d3718239..edf6f50e3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.8", + "version": "4.31.9", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.8", + "version": "4.31.9", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", diff --git a/package.json b/package.json index 6d892ecbb..729438e35 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.8", + "version": "4.31.9", "private": true, "description": "CodeQL action", "scripts": { From 65bad627f3d5dd4eb88f7c03948fca670543ba3f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 12 Dec 2025 08:52:54 +0000 Subject: [PATCH 9/9] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index ffcc4512d..f1d6b1faf 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 7ba381fc2..d89242d02 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 36f094bde..b4159bf59 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 04c9c69fe..1ba036897 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index d1beb6611..b78367b7d 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8f176bce1..2fdbc539a 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 49ab3bf48..22a8402bf 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 7f461a22c..54fb9a5eb 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index e70a7412b..2ac031a11 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -47321,7 +47321,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 245288bc2..3da4b62f7 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28924,7 +28924,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 8c466d1a3..4570960d4 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index fd314e6ac..47a0cfd4e 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.8", + version: "4.31.9", private: true, description: "CodeQL action", scripts: {