* Update changelog and version after v2.1.26
* Update checked-in dependencies
* Don't check for Go logs on failure (#1279)
* Update supported GitHub Enterprise Server versions. (#1275)
Co-authored-by: GitHub <noreply@github.com>
* TRAP Caching: Add timeouts to upload/download operations
* Add logging statements declaring state of the cli_config_file_enabled
It's possible to determine this otherwise, but this makes it easier to
spot.
* Avoid using single value as array
The user config parser in the CLI doesn't yet support it.
* Extract logging statements to separate function
* Correctly report CodeQL version when using cache (#1259)
* Correctly report CodeQL version when using cache
* Add JS generated files
* Add test for return value of `setupCodeQL`
* Fill in missing return value comment
* Convert "Invalid source root" errors to UserErrors
* Add changelog note for Go extraction reconciliation (#1286)
* Add changelog note for Go extraction reconciliation
* Update CHANGELOG.md
Co-authored-by: Henry Mercer <henrymercer@github.com>
* Update CHANGELOG.md
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
* Tweaks from PR review
Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
* Update changelog for v2.1.27
Co-authored-by: github-actions[bot] <github-actions@github.com>
Co-authored-by: Chuan-kai Lin <cklin@github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Edoardo Pirovano <edoardo.pirovano@gmail.com>
Co-authored-by: Edoardo Pirovano <6748066+edoardopirovano@users.noreply.github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
A bug preventing us from using Lua tracing for Go on Windows is fixed
in CLI 2.10.4+, so we can now resume using Lua tracing for Go on Windows
when using these CLI versions.
This change adds:
- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
  - registries block
  - api auth
- Generate a qlconfig.yml file with the registries block if one is
supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
on api auth
TODO:
1. integration test
2. handle pack downloads when the config is generated by the CLI
We do not need to prefix `$CODEQL_RUNNER` here on macOS to bypass SIP,
because we assume that the `init` step exported `DYLD_INSERT_LIBRARIES`
into the environment, which activates the Actions workaround for SIP.
See https://github.com/actions/runner/pull/416.
Without this, the tracer will not be injected on macOS, as we need the
runner to circumvent SIP.
Also add a test that tests the autobuild-action to exercise this code path.
This commit prints diagnostic messages to the Actions log when debug
logging is enabled by passing `debug: true` to `codeql-action/init` or
enabling Actions step debug logging.
This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
When the codescanning config is being used by the CLI, there is a
single query suite that is generated that contains all queries to be
run by the analysis. This is different from the traditional way, where
there are potentially three query suites: builtin, custom, and packs.
We need to ensure that when the codescanning config is being used,
only a single call to run queries is used, and this call uses the
single generated query suite.
Also, this commit changes the cutoff version for codescanning config to
2.10.1. Earlier versions work, but there were some bugs that are only
fixed in 2.10.1 and later.
This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.
When the `+` is used, the actions input value is combined with the
config value and when it is not used, the input value overrides the
config value.
This commit also adds a bunch of integration tests for this feature.
In order to avoid adding too many new jobs, all of the tests are
run sequentially in a single job (matrixed across relevant operating
systems and OSes).
In theory, a scanned language will not set up the build tracer, and so
shouldn't care about Lua versus legacy tracing. However, `go` is a
special case where the autobuilder runs under the build tracer, that
then gets disabled immediately again, unless a special environment
variable is used.
Therefore, we need to thread through the feature flag to this
`database trace-command` invocation. For other scanned languages,
this should be a no-op, as no tracing is ever set up.