From 9c39f0afb0dccf4d000a85846771d81ecc2330a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 18:05:01 +0000 Subject: [PATCH 1/8] Bump actions/download-artifact from 5 to 6 in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/debug-artifacts-failure-safe.yml | 2 +- .github/workflows/debug-artifacts-safe.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index c938c51e6..1a09b3d9e 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -79,7 +79,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 - name: Check expected artifacts exist run: | LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 3e7282f82..ea513521f 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 - name: Check expected artifacts exist run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" From cbcb06a3ae83559ce90331dbf8b09f234510f99d Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:29:22 +0000 Subject: [PATCH 2/8] Update changelog and version after v4.31.1 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e73571511..6fd372f5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. diff --git a/package-lock.json b/package-lock.json index 9cd43e5bd..a73a977b9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", diff --git a/package.json b/package.json index 29e60bd28..229c06c09 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "private": true, "description": "CodeQL action", "scripts": { From e7811794d39c880497f5558166d3fe734ee53415 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:31:33 +0000 Subject: [PATCH 3/8] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index af20c5119..241ec3519 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index dfc96b28d..9e01d6458 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ad1fc68ba..97ffbac16 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 64c083f5c..366d0503d 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index ad215ae92..f1d765d77 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 2a92abf57..71675b68f 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index be67a6114..2b51df5ad 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 7e29c1908..2b57a99ff 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 503bd0956..f034966f6 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js 
@@ -45004,7 +45004,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 7780bc4db..b1316738d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -27765,7 +27765,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 652e31a9c..4bed7f1cc 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc691f809..f3b857596 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { From b2bffa615da2c5ae026beb862b3ff730793c319f Mon Sep 17 00:00:00 2001 
From: Henry Mercer Date: Thu, 30 Oct 2025 10:40:23 +0000 Subject: [PATCH 4/8] Remove unused `console-log-level` dependency This was added back by a bad merge. --- lib/analyze-action-post.js | 2 -- lib/analyze-action.js | 2 -- lib/autobuild-action.js | 2 -- lib/init-action-post.js | 2 -- lib/init-action.js | 2 -- lib/resolve-environment-action.js | 2 -- lib/setup-codeql-action.js | 2 -- lib/start-proxy-action-post.js | 2 -- lib/start-proxy-action.js | 2 -- lib/upload-lib.js | 2 -- lib/upload-sarif-action-post.js | 2 -- lib/upload-sarif-action.js | 2 -- package-lock.json | 13 ------------- package.json | 2 -- 14 files changed, 39 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index af20c5119..a5b494631 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index dfc96b28d..a1f7ad16f 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ad1fc68ba..fccf20bcf 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 64c083f5c..6f14749a5 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/init-action.js b/lib/init-action.js index ad215ae92..4f3628da0 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 2a92abf57..1fb13b901 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index be67a6114..1e3701774 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 7e29c1908..be2505180 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 503bd0956..7ecc8df95 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45042,7 +45042,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -45062,7 +45061,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 7780bc4db..606b77202 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -27803,7 +27803,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -27823,7 +27822,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 652e31a9c..6b6d1583b 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc691f809..e1de1cd0c 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/package-lock.json b/package-lock.json index 9cd43e5bd..9c3057fbe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,6 @@ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -43,7 +42,6 @@ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", @@ -2486,11 +2484,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@types/console-log-level": { - "version": "1.4.5", - "dev": true, - "license": "MIT" - }, "node_modules/@types/estree": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", @@ -4506,12 +4499,6 @@ "node": "^14.18.0 || >=16.10.0" } }, - "node_modules/console-log-level": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/console-log-level/-/console-log-level-1.4.1.tgz", - "integrity": "sha512-VZzbIORbP+PPcN/gg3DXClTLPLg5Slwd5fL2MIc+o1qZ4BXBvWyc6QxPk6T/Mkr6IVjRpoAGf32XxP3ZWMVRcQ==", - "license": "MIT" - }, "node_modules/convert-to-spaces": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/convert-to-spaces/-/convert-to-spaces-2.0.1.tgz", diff --git a/package.json b/package.json index 29e60bd28..601b3b1f5 100644 --- a/package.json +++ b/package.json 
@@ -38,7 +38,6 @@ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -58,7 +57,6 @@ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", From 2a3599c52055e7a5443d3fef8981a4d543586dde Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Thu, 30 Oct 2025 11:25:32 +0000 Subject: [PATCH 5/8] Run lightweight workflows on `ubuntu-slim` --- .github/workflows/check-expected-release-files.yml | 2 +- .github/workflows/label-pr-size.yml | 2 +- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/prepare-release.yml | 2 +- .github/workflows/publish-immutable-action.yml | 2 +- .github/workflows/update-bundle.yml | 2 +- .github/workflows/update-release-branch.yml | 4 ++-- .../workflows/update-supported-enterprise-server-versions.yml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index edcc499dc..a066cbde5 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -15,7 +15,7 @@ defaults: jobs: check-expected-release-files: - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: read diff --git a/.github/workflows/label-pr-size.yml b/.github/workflows/label-pr-size.yml index 83ec360f5..965a4a858 100644 --- a/.github/workflows/label-pr-size.yml +++ b/.github/workflows/label-pr-size.yml @@ -16,7 +16,7 @@ permissions: jobs: sizeup: name: Label PR with size - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Run sizeup 
diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index b5c0f27b5..c59e6c889 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -24,7 +24,7 @@ defaults: jobs: merge-back: - runs-on: ubuntu-latest + runs-on: ubuntu-slim environment: Automation if: github.repository == 'github/codeql-action' env: diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 82fa18e3b..dad6fce39 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -29,7 +29,7 @@ defaults: jobs: prepare: name: "Prepare release" - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.repository == 'github/codeql-action' permissions: diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index effe2255a..9350bf2b2 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -10,7 +10,7 @@ defaults: jobs: publish: - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: read id-token: write diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 8c0f8274e..f2c3cd40c 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -20,7 +20,7 @@ defaults: jobs: update-bundle: if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: write # needed to push commits pull-requests: write # needed to create pull requests diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 69700a35f..830ed7c2a 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml 
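Review bot: In the `publish-immutable-action.yml` hunk the `publish` job keeps `id-token: write` while moving to `ubuntu-slim`, which, as far as I know, runs jobs in a container on a shared VM rather than on a dedicated VM. That is a different isolation boundary for a job that can mint OIDC tokens. The same question applies to `update-bundle` (`contents: write`, `pull-requests: write`) and `merge-back` (`environment: Automation`) in this commit. Either leave these jobs on `runs-on: ubuntu-latest`, or record the decision next to the line, e.g. `runs-on: ubuntu-slim # lightweight job; container-based runner accepted for this token scope`. The job bodies continue outside the hunks.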
@@ -26,7 +26,7 @@ jobs: update: timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.event_name == 'workflow_dispatch' needs: [prepare] env: @@ -77,7 +77,7 @@ jobs: backport: timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim environment: Automation needs: [prepare] if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }} diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 35d4ba01f..b6cbe0151 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -9,7 +9,7 @@ jobs: update-supported-enterprise-server-versions: name: Update Supported Enterprise Server Versions timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.repository == 'github/codeql-action' permissions: contents: write # needed to push commits From f0e9bf07f44488f7e3adf5ff01d04e6392b60b3b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 30 Oct 2025 11:37:07 +0000 Subject: [PATCH 6/8] Make `isEnablementError` case-insensitive --- lib/analyze-action.js | 6 ++--- lib/init-action-post.js | 6 ++--- lib/init-action.js | 6 ++--- lib/setup-codeql-action.js | 6 ++--- lib/upload-lib.js | 6 ++--- lib/upload-sarif-action.js | 6 ++--- src/api-client.test.ts | 53 +++++++++++++++++--------------------- src/api-client.ts | 6 ++--- 8 files changed, 44 insertions(+), 51 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index fc21c87b7..982a7ca91 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
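Review bot: The `update` and `backport` jobs in `update-release-branch.yml` and the job in `update-supported-enterprise-server-versions.yml` keep `timeout-minutes: 45` after moving to `ubuntu-slim`. If I recall the runner limits correctly, jobs on that runner are stopped after 15 minutes, so the declared timeout would no longer be the effective one. Either lower it to match, `timeout-minutes: 15`, or leave these three jobs on `ubuntu-latest` if they can legitimately run longer. The job bodies continue outside the hunks, so how long they actually run cannot be judged from here.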
@@ -83615,9 +83615,9 @@ async function deleteActionsCache(id) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 967bc2747..5ca41fbfb 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -116758,9 +116758,9 @@ async function listActionsCaches(key, ref) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/init-action.js b/lib/init-action.js index 8ef22ae0f..b1d8e0d5f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -80926,9 +80926,9 @@ async function getRepositoryProperties(repositoryNwo) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 00ea84b6e..48838e3fb 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js 
@@ -79275,9 +79275,9 @@ async function getAnalysisKey() { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 84865dc37..2de497bf4 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -82146,9 +82146,9 @@ function computeAutomationID(analysis_key, environment) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ddfb90fbe..08d223226 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -82191,9 +82191,9 @@ function computeAutomationID(analysis_key, environment) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/src/api-client.test.ts b/src/api-client.test.ts index 29e3ef852..d3a5ce2bc 100644 --- a/src/api-client.test.ts +++ b/src/api-client.test.ts 
@@ -171,37 +171,30 @@ test("wrapApiConfigurationError correctly wraps specific configuration errors", ); // Enablement errors. - const codeSecurityNotEnabledError = new util.HTTPError( + const enablementErrorMessages = [ "Code Security must be enabled for this repository to use code scanning", - 403, - ); - res = api.wrapApiConfigurationError(codeSecurityNotEnabledError); - t.deepEqual( - res, - new util.ConfigurationError( - api.getFeatureEnablementError(codeSecurityNotEnabledError.message), - ), - ); - const advancedSecurityNotEnabledError = new util.HTTPError( "Advanced Security must be enabled for this repository to use code scanning", - 403, - ); - res = api.wrapApiConfigurationError(advancedSecurityNotEnabledError); - t.deepEqual( - res, - new util.ConfigurationError( - api.getFeatureEnablementError(advancedSecurityNotEnabledError.message), - ), - ); - const codeScanningNotEnabledError = new util.HTTPError( "Code Scanning is not enabled for this repository. Please enable code scanning in the repository settings.", - 403, - ); - res = api.wrapApiConfigurationError(codeScanningNotEnabledError); - t.deepEqual( - res, - new util.ConfigurationError( - api.getFeatureEnablementError(codeScanningNotEnabledError.message), - ), - ); + ]; + const transforms = [ + (msg: string) => msg, + (msg: string) => msg.toLowerCase(), + (msg: string) => msg.toLocaleUpperCase(), + ]; + + for (const enablementErrorMessage of enablementErrorMessages) { + for (const transform of transforms) { + const enablementError = new util.HTTPError( + transform(enablementErrorMessage), + 403, + ); + res = api.wrapApiConfigurationError(enablementError); + t.deepEqual( + res, + new util.ConfigurationError( + api.getFeatureEnablementError(enablementError.message), + ), + ); + } + } }); diff --git a/src/api-client.ts b/src/api-client.ts index f271c2791..e14048337 100644 --- a/src/api-client.ts +++ b/src/api-client.ts 
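Review bot: The `transforms` array pairs `msg.toLowerCase()` with `msg.toLocaleUpperCase()`, so the upper-case variant depends on the default locale of the machine running the tests. Under a locale with special casing rules (Turkish maps `i` to `İ`), the transformed message would likely stop matching the `/i` patterns, and the test would fail for a reason unrelated to the code under test. Use the locale-independent form to mirror the lower-case transform: `(msg: string) => msg.toUpperCase(),`.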
@@ -285,9 +285,9 @@ export async function getRepositoryProperties(repositoryNwo: RepositoryNwo) { function isEnablementError(msg: string) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/, + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i, ].some((pattern) => pattern.test(msg)); } From 752a642cb25304f2aaae33cfcc3911673bf65aca Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:27:33 +0000 Subject: [PATCH 7/8] Update changelog for v4.31.2 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fd372f5b..63a04fe4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.31.2 - 30 Oct 2025 No user facing changes. From 3b96745d2bb2af9f01a0c9a19f4ffd034ae37879 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Thu, 30 Oct 2025 14:06:12 +0000 Subject: [PATCH 8/8] Set up Python in mergeback workflow --- .github/actions/release-initialise/action.yml | 4 ++-- .github/workflows/post-release-mergeback.yml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/actions/release-initialise/action.yml b/.github/actions/release-initialise/action.yml index e0a1ecca3..c21772b14 100644 --- a/.github/actions/release-initialise/action.yml +++ b/.github/actions/release-initialise/action.yml @@ -16,9 +16,9 @@ runs: shell: bash - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: - python-version: 3.12 + python-version: '3.12' - name: Install dependencies run: | diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index c59e6c889..1731a78ff 100644 
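Review bot: `isEnablementError` in `src/api-client.ts` has no comment saying that it classifies errors by free-text API messages, or why the patterns now carry the `i` flag. A short doc comment would record that, for example `/** Whether msg is one of the API's "feature not enabled" messages; matched case-insensitively because the capitalisation of these messages varies. */`, if that is indeed the reason. The patterns are also unanchored, so any message containing one of these phrases is classified as an enablement error, which is worth stating in the same comment if intended. The `lib/*.js` hunks appear to be generated from this source and need no separate change.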
--- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -48,6 +48,9 @@ jobs: with: fetch-depth: 0 # ensure we have all tags and can push commits - uses: actions/setup-node@v6 + - uses: actions/setup-python@v6 + with: + python-version: '3.12' - name: Update git config run: |
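Review bot: The added step references `actions/setup-python@v6` by a mutable major tag in the `merge-back` job, whose checkout uses `fetch-depth: 0` so that it can push commits. A tag can be moved to different code after review, so for a job with push rights a full commit SHA is the safer reference: `- uses: actions/setup-python@<full-commit-sha> # v6` (placeholder; take the SHA from the action's release). The same applies to the `actions/setup-node@v6` context line just above, and to the `actions/setup-python@v6` bump in `.github/actions/release-initialise/action.yml`. The job's step list continues outside the hunk.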